Kaspersky Lab offers $50,000 'bug bounty' to security researchers

02 Aug 16

Security researchers Kaspersky Lab and bug bounty platform HackerOne are co-launching a bug bounty program that offers $50,000 in bounty rewards to eagle-eyed security researchers who find and disclose security vulnerabilities to companies.

“Vulnerabilities are inevitable and bug bounty programs are proven to supplement traditional security best practices with the help of the incredibly diverse global hacker community. We look forward to partnering with Kaspersky Lab to help them run the most competitive bug bounty program and continue to protect customers,” says Alex Rice, CTO and co-founder of HackerOne.

The Kaspersky Lab bug bounty program begins today and will last for six months. Bug bounty hunters will 'examine our flagship products for consumers and enterprises, Kaspersky Internet Security and Kaspersky Endpoint Security', the company states.

Kaspersky Lab will then analyse the results to find out what additional features should be included in the second phase of its program.

Kaspersky Lab says bug bounty programs are an effective incentive for external researchers to speak up about bugs so they can be fixed without putting customers at risk. The company also hopes to learn from the exercise, with plans to further develop relationships with security researchers and to strengthen its own mitigation strategies.

“Our bug bounty program will help amplify the current internal and external mitigation measures we use to continuously improve the resiliency of our products. We think it’s time for all security companies, large and small, to work more closely with external security researchers by embracing bug bounty programs as an effective and necessary tool to help keep their products secure and their customers protected,” says Nikita Shvetsov, chief technology officer, Kaspersky Lab.

Find out more about the program's scope, eligibility, rewards, exceptions and rules here
