BOSS OS Bug Bounty Programme 2026 | SSM Portal

Login Signup

hub

Your Action Centre

Bug Bounty Dashboard

Report vulnerabilities, manage your team, or join the programme.

assignmentProblems location_onVenue scheduleTimeline emoji_eventsPrizes gavelRules

shield_person

SPOC Dashboard

Manage Your Bug Bounty Teams

Create up to 3 teams · Add up to 5 participants each

0

Teams

0

Members

3

Max

group_add

Create New Team

group_work

Your teams will appear here once created.

info Prerequisites — Before Adding Members expand_more

person_check

Only profile-completed students can be added.

Students must complete their User Profile (institute type, personal information, supporting document) before they can be added. Must be 18+.

school

Ask students to log in to the SSM Portal, go to My Profile, and complete all required fields — Select institute type: Student, fill in DOB/gender, select institution, upload college ID / bonafide certificate.

emoji_events BOSS OS Bug Bounty

BOSS OS Bug Bounty Programme 2026

Secure India's Indigenous OS

36-hour national cybersecurity hackathon to identify vulnerabilities in BOSS GNU/Linux.

Report Now Rules

hub Problem Domains

Focus on Critical Domains.

Hunt Real Vulnerabilities.

Investigate kernel, authentication, networking, and core OS surfaces.

View Domains Schedule

workspace_premium Awards & Recognition

Report High-Impact Bugs.

Earn National Recognition.

Top participants receive cash prizes, certificates, and CVE recognition.

View Awards FAQs

assignment Official Challenges

Problem Statements

Choose a problem statement, investigate the vulnerability surface, and submit your findings.

assignment PS-01

Hard

Kernel and System Call Security

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-01

assignment PS-02

Hard

Authentication, Access Control, and Privilege Management

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-02

assignment PS-03

Hard

Package Management and Software Supply Chain

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-03

assignment PS-04

Hard

Network Stack, Services, and Firewall

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-04

assignment PS-05

Hard

Boot Process, GRUB, and Secure Boot

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-05

assignment PS-06

Medium

Desktop Environment and GUI Layer

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-06

assignment PS-07

Medium

File System, Permissions, and Storage

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-07

assignment PS-08

Medium

Logging, Auditing, and Monitoring

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-08

assignment PS-09

Medium

Cryptographic Implementation and Configuration

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-09

assignment PS-10

Medium

Containerisation, Virtualisation, and Namespace Security

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: PS-10

assignment Others

Open

Report a bug outside the 10 listed categories

bar_chart 0 submission(s) received

info Identify and report vulnerabilities for this problem statement.

Code: Others

BOSS OS Bug Bounty Programme

ABOUT THE PROGRAMME

About the Programme

This PAN India Bug Bounty Programme is designed to identify security vulnerabilities in BOSS OS, an indigenous Linux distribution used in government systems. Participants include students, researchers, and professionals working together to strengthen national cybersecurity.

verified

Responsible Disclosure

Responsible disclosure under NDA keeps findings protected throughout submission, triage and remediation.

rocket_launch

Real-World Security Testing

Real-world OS security testing helps validate BOSS GNU/Linux against practical attack scenarios.

Note: Your work contributes directly to strengthening national infrastructure.

NATIONAL COVERAGE

Regional Venue Deployment

north

North Zone

Delhi, Punjab, Rajasthan, J&K

location_on Noida

location_on Mohali

location_on Kanpur

schedule Venue will be announced soon

south

South Zone

Tamil Nadu, Karnataka, Telangana

location_on Chennai

location_on Bangalore

location_on Hyderabad

schedule Venue will be announced soon

east

East Zone

West Bengal, Assam, Bihar

location_on Kolkata

location_on Guwahati

location_on Patna

schedule Venue will be announced soon

west

West Zone

Maharashtra, Gujarat, Madhya Pradesh

location_on Mumbai

location_on Gandhinagar

location_on Indore

schedule Venue will be announced soon

Programme Timeline

Follow the official process from registration through triage, scoring and final awards.

1

how_to_reg

Registration

Portal opens for participants

2

construction

Environment Setup

BOSS OS VM provided

3

bug_report

36-Hour Bug Hunting

Identify and validate vulnerabilities

Core Phase

4

fact_check

Submission & Triage

Vulnerability report review and verification

5

emoji_events

Results & Awards

Evaluation completed with CVSS-based decisions

gavel Rules & Eligibility

Permitted

check_circle Testing only in the provided BOSS OS environment.
check_circle Vulnerability research and proof-of-concept creation.

Strictly Prohibited

cancel Testing any real or production systems.
cancel Denial-of-service attacks of any kind.
cancel Data theft, exfiltration or unauthorized access to real information.
cancel Public disclosure before official approval.

Important: Responsible disclosure rules and programme decisions will be binding on all participants.

assessment Evaluation Criteria

Critical 10 points(₹10,000 Per Critical Bug)

High 8 points(₹5,000 Per High Bug)

Medium 5 points(₹2,000 Per Medium Bug)

Low 2 points

info

1 Critical vulnerability equals 20 Low vulnerabilities.

emoji_events Prize Pool

Awards & Prize Pool

Cash prizes, certificates, CVE recognition and national awards for top submissions.

workspace_premium

🥈 Runner Up

2nd Prize

₹ 75,000

Certificates + CVE Recognition + National Awards

Champion

stars

🥇 Grand Winner

1st Prize

₹1,00,000

Certificates + CVE Recognition + National Awards

military_tech

🥉 Second Runner Up

3rd Prize

₹50,000

Certificates + CVE Recognition + National Awards

info All prize winners receive Certificates + CVE Recognition + National Awards

Welcome to Secure OS Portal support. You can type your question below or tap a quick question to get instant help.

edit_square