Tencent SRC vulnerability reward mechanism is upgraded again! Energetic investment in safety and ecological collaborative construction
Posted May 27, 2020 • 3 min read
The Tencent SRC vulnerability reward mechanism is upgraded again! Invest heavily in collaborative construction of safety and ecology
Recently, Tencent announced the official launch of the "Single Vulnerability Million Rewards Program" and the "Daily Vulnerability Rewards Mechanism Upgrade Program", vigorously increasing investment in the construction of security systems. After the upgrade, the single loophole bonus in the security public test can be up to one million, the daily loophole bonus will also be fully improved, and the upper limit of the vulnerability basic reward will be increased to 10,000 yuan.
According to Tencent, the "Single Vulnerability Million Rewards Program" is the first time that Tencent has launched a million-level reward program for individual vulnerabilities, hoping to use this to gather professional forces and protect users' safety. In response to daily vulnerabilities, TSRC will also add a reward budget of one million yuan for the whole year, and will subsequently invest more and build a good security ecosystem with the industry through security public testing, technology sharing, and solution output.
The TSRC announcement shows that the "Single Vulnerability Million Rewards Program" runs throughout the year and will start on May 22 and will continue until December 31, 2020. During the Million Rewards Program, TSRC will launch a public security test for Tencent's own server operating system and Tencent's self-developed IoT operating system, and it will be fully open to security experts, white hat researchers, developers and security enthusiasts worldwide, with a single vulnerability The maximum bonus will be RMB 1 million.
Tencent has always maintained a high degree of attention and investment in the security field. Ma Huateng, deputy to the National People's Congress and chairman of the board of directors and CEO of Tencent, put forward in the recommendations of the two sessions this year that it is necessary to increase the training of security talents, breakthroughs in core technologies, and collaboration in security and ecology to give full play to the core guarantee value of network information security in the construction of the digital economy. .
At present, China's digital economy is moving towards a new era with new infrastructure as the strategic cornerstone, data as the key element, and industrial Internet as the advanced stage. The construction of a network security system is becoming an important "foundation" of the national economy and people's livelihood under the background of rapid development of new infrastructure and rapid growth of network equipment and data resources.
As early as 2012, Tencent began to lay out the systematic construction of enterprise security, and was also a frontier explorer of the SRC mechanism. In China, Tencent is the first company to initiate a self-built security emergency response platform-TSRC, which is used for Tencent's vulnerability collection and emergency response. TSRC advocates that vulnerability discoverers submit directly to enterprises, and encourages technical geeks to become co-builders of a safe ecosystem. Over the past eight years, a large number of white hats have joined hands with Tencent to jointly safeguard the safety of hundreds of millions of users worldwide. Tencent is also continually optimizing the white hat reward mechanism, providing more open and friendly cooperation space for security technology enthusiasts by applying for more rewards, holding white hat exchange salons and other methods.
Only in 2020, TSRC has launched five consecutive public testing activities for different businesses, and the bonus level is also continuously increasing. Among them, in the public testing activities for the Tencent conference in April, TSRC launched the million bonus pool for the first time, and the additional reward for a single vulnerability can be up to 200,000 yuan.