Kaspersky Lab offers $50,000 'bug bounty' to security researchers

02 Aug 2016

Security researchers Kaspersky Lab and bug bounty platform HackerOne are co-launching a Bug Bounty Program that offers $50,000 in bounty rewards to eagle-eyed security researchers who find and disclose security vulnerabilities to companies.

“Vulnerabilities are inevitable and bug bounty programs are proven to supplement traditional security best practices with the help of the incredibly diverse global hacker community. We look forward to partnering with Kaspersky Lab to help them run the most competitive bug bounty program and continue to protect customers,” says Alex Rice, CTO and co-founder of HackerOne.

The Kaspersky Lab bug bounty program begins today and will last for six months. Bug bounty hunters will 'examine our flagship products for consumers and enterprises, Kaspersky Internet Security and Kaspersky Endpoint Security', the company states.

Kaspersky Lab will then analyse the results to find out what additional features should be included in the second phase of its program.

Kaspersky Lab says bug bounty programs are effective incentives to get external researchers to speak up about bugs so that they can be fixed without putting customers at risk. The company also hopes to learn from the exercise, with plans to further develop relationships with security researchers and to strengthen its own mitigation strategies.

“Our bug bounty program will help amplify the current internal and external mitigation measures we use to continuously improve the resiliency of our products. We think it’s time for all security companies, large and small, to work more closely with external security researchers by embracing bug bounty programs as an effective and necessary tool to help keep their products secure and their customers protected,” says Nikita Shvetsov, chief technology officer, Kaspersky Lab.

Find out more about the program's scope, eligibility, rewards, exceptions and rules here
