Kaspersky Lab South Africa has announced the extension of its bug bounty program with rewards of up to $100,000 as part of its Global Transparency Initiative.
Kaspersky Lab's headquarters in Moscow, Russia. Photo: CFATech.ng
The bug bounty program aims for the discovery and responsible disclosure of severe vulnerabilities in some of its leading products. The opportunity to get this bounty is available to all members of the HackerOne platform, Kaspersky Lab’s partner for the Bug Bounty initiative.
The 20-fold increase on existing rewards is evidence of the company’s commitment to ensuring the complete integrity of its products and protection for customers.
The top reward is available for the discovery of bugs that enable remote code execution via the product database update channel, with the launch of malware code taking place silently from the user in the product’s high privilege process and being able to survive the reboot of the system.
Vulnerabilities allowing other types of remote code execution will be awarded bounties ranging from $5000 to $20000 depending on the level of complexity of a given vulnerability. Bugs allowing local privilege escalation, or leading to sensitive data disclosure will also be awarded bounty payouts.
Commenting on the increase in the bug bounty rewards, Eugene Kaspersky, CEO of Kaspersky Lab, said: “Finding and fixing bugs is a priority for us as a software company. We invite security researchers to make sure there are no vulnerabilities in our products. The immunity of our code and highest levels of protection that we offer customers is a core principal of our business – and a fundamental pillar of our Global Transparency Initiative.”
The company’s bug bounty program, launched in 2016, encourages independent security researchers to supplement the company’s own work in vulnerability detection and mitigation.
The company’s Global Transparency Initiative announced on 23 October 2017 is designed to engage the broader information security community and other stakeholders in validating and verifying Kaspersky Lab’s products, internal processes, and business operations. It is headquartered in Moscow, Russia.