Kaspersky Lab boosts bug bounty program with new reward of $100,000

Posted on Mar 7 2018 - 5:51pm by Upgrade Staff

As part of its Global Transparency Initiative, Kaspersky Lab is extending its successful bug bounty program to include rewards of up to $100,000 for the discovery and responsible disclosure of severe vulnerabilities in some of its leading products.

The opportunity to get this bounty is available to all members of the HackerOne platform, Kaspersky Lab’s partner for the Bug Bounty initiative. This is a 20-fold increase on existing rewards, and is evidence of the company’s commitment to ensuring the complete integrity of its products and protection for customers.

The top reward is available for the discovery of bugs that enable remote code execution via the product database update channel, where the malicious code launches silently, without the user's knowledge, in the product’s high-privilege process and is able to survive a reboot of the system. Vulnerabilities allowing other types of remote code execution will be awarded bounties ranging from $5,000 to $20,000 (depending on the level of complexity of a given vulnerability). Bugs allowing local privilege escalation or leading to sensitive data disclosure will also be awarded bounty payouts.

Rewards are available for the discovery of previously unknown vulnerabilities in the following products: Kaspersky Internet Security 2019 (the most recent beta) and Kaspersky Endpoint Security 11 (the most recent beta), running on Desktop Windows version 8.1 or higher, with the most recent updates installed.

Commenting on the increase in the bug bounty rewards, Eugene Kaspersky, CEO of Kaspersky Lab, said: “Finding and fixing bugs is a priority for us as a software company. We invite security researchers to make sure there are no vulnerabilities in our products. The immunity of our code and highest levels of protection that we offer customers is a core principle of our business – and a fundamental pillar of our Global Transparency Initiative.”

The company’s bug bounty program, launched in 2016, encourages independent security researchers to supplement the company’s own work in vulnerability detection and mitigation. The program has already led to the resolution of more than 70 bug reports related to Kaspersky Lab products and services, making them even more secure.

The company’s Global Transparency Initiative, announced on 23 October 2017, is designed to engage the broader information security community and other stakeholders in validating and verifying Kaspersky Lab’s products, internal processes, and business operations. It also introduces additional accountability mechanisms by which the company can further demonstrate that it addresses any security issues promptly and thoroughly.
