The Cloud Native Computing Foundation (CNCF), which is responsible for maintaining Kubernetes, has announced a bug bounty program for the popular open-source container orchestration system. In partnership with Google and HackerOne, the CNCF will offer rewards ranging from $100 to $10,000 to worthy researchers.
Since Google originally built Kubernetes in 2014, the project has seen an explosion in popularity. With this increased popularity comes more intense scrutiny of the project's security. As a result, the Kubernetes Product Security Committee is encouraging independent researchers to help provide insight into potential security vulnerabilities. This new bounty program serves as a financial incentive for these researchers.
HackerOne, a bug bounty solutions provider, is helping coordinate this program and has provided a detailed outline of how and when researchers should report potential issues. This program has been in private beta for several months now, and although the top reward is hefty ($10,000), average bounties are much lower ($250-$500).