Kaspersky ups bug bounty reward program


Kaspersky wants to make absolutely certain its products are free of bugs and vulnerabilities. With that in mind, it has announced that the reward for finding critical flaws has been increased to $100,000.

All members of its HackerOne platform are eligible to participate. Kaspersky says not all vulnerabilities fall under the ‘severe category’:

“The top reward is available for the discovery of bugs that enable remote code execution via the product database update channel, with the launch of malware code taking place silently from the user in the product’s high privilege process and being able to survive the reboot of the system,” the company said in a press release announcing the improved bounty.

Bounty for lesser bugs range from $5000 to $20,000 and those include vulnerabilities which allow other types of remote code execution.

Commenting on the increase in the bug bounty rewards, Eugene Kaspersky, CEO of Kaspersky Lab, said: “Finding and fixing bugs is a priority for us as a software company. We invite security researchers to make sure there are no vulnerabilities in our products. The immunity of our code and highest levels of protection that we offer customers is a core principal of our business – and a fundamental pillar of our Global Transparency Initiative.”

HackerOne members are invited to look for bugs in Kaspersky Internet Security 2019 (the most recent beta), and Kaspersky Endpoint Security 11, also most recent beta. Both need to be running on desktop Windows 8.1 or above.

Image Credit: Alexxsun