Security researchers Kaspersky Lab and bug bounty platform Hacker One are co-launching a Bug Bounty Program that offers $50,000 in bounty rewards to eagle-eyed security researchers who find and disclose security vulnerabilities to companies.
“Vulnerabilities are inevitable and bug bounty programs are proven to supplement traditional security best practices with the help of the incredibly diverse global hacker community. We look forward to partnering with Kaspersky Lab to help them run the most competitive bug bounty program and continue to protect customers," says Alex Rice, CTO and co-founder of HackerOne.
The Kaspersky Lab bug bounty program begins today and will last for six months. Bug bounty hunters will 'examine our flagship products for consumers and enterprises, Kaspersky Internet Security and Kaspersky Endpoint Security', the company states.
Kaspersky Labs will then analyse results to find out what additional features should be included in the second phase of its program.
Kaspersky Lab says the use of bug bounty programs are effective incentives to get external researchers to speak up about bugs and fix them without putting customers at risk. The company also hopes to learn from the exercise, with plans to further develop relationships with security researchers as well as strengthening its own mitigation strategies.
“Our bug bounty program will help amplify the current internal and external mitigation measures we use to continuously improve the resiliency of our products. We think it’s time for all security companies, large and small, to work more closely with external security researchers by embracing bug bounty programs as an effective and necessary tool to help keep their products secure and their customers protected," says Nikita Shvetsov, chief technology officer, Kaspersky Lab.
Find out more about the program's scope, eligibility, rewards, exceptions and rules here.