TSRC is formally launching a special project that focuses on Tencent’s own server and IoT operating system. We sincerely invite all white hat researchers to find possible vulnerabilities in Tencent OS and report them to TSRC. We look forward to working with you to further enhance the security of Tencent and its millions of users around the world.
The special project will last throughout the year and the maximum bounty for a single vulnerability will be up to USD$140,000.
• Other eligible vulnerabilities not mentioned in the table above:
Researchers reporting other eligible vulnerabilities not mentioned in the above table will receive twice the regular monetary rewards and credits stated in our policy page.
• Please refer to the Tencent policy page to view the regular bounty table.
If multiple researchers report the same vulnerability, the reward will be awarded to the first reporter.
Please DO NOT conduct test in live Tencent network environment.
2. The in-scope assets only include the OS system itself and does not include self-installed third-party software/components.
3. An effective recurring exploitation must be clearly explained and provided, and the specific vulnerability rating will determined by CVSS.
4. If the researcher has any questions about the scope, submission process, vulnerability assessment and rating, etc., please use the comment function of your vulnerability report page or contact us at firstname.lastname@example.org directly. TSRC will protect the due rights of researchers, and if necessary, may bring in external parties to make a joint decision.