Kaspersky Lab Extends Bug Bounty Program

Kaspersky Lab Extends Bug Bounty Program

Kaspersky Lab has extended its bug-bounty program.

The company’s program with HackerOne will ask researchers to also examine its Kaspersky Password Manager 8, and as an additional incentive, Kaspersky Lab increased the rewards for remote code execution bugs from $2,000 to $5,000.

“Since August, it is fair to say that our bug-bounty program has been successful in optimizing our internal and external mitigation measures to continuously improve the resiliency of our products, which is why we’ve decided to extend it,” said Nikita Shvetsov, CTO at Kaspersky Lab. “We also appreciate the enthusiastic participation of security researchers worldwide.”

Launched in August 2016, the initial phase of the program helped to successfully uncover roughly 20 bugs in its first six months. Initially, researchers were asked to examine Kaspersky Lab’s flagship products for consumers and enterprises, Kaspersky Internet Security 2017 and Kaspersky Endpoint Security 10.  

“The security of our customers is our priority. That is why we take independent research into our products very seriously and apply its results to constantly improve our best-in-class technologies,” said Shvetsov. “As a mark of our respect for the work they do in helping us to bolster our solutions, we’ve increased the remuneration on offer in this second phase of the program and extended the scope to include other important Kaspersky Lab products.”

Added Alex Rice, co-founder and CTO at HackerOne, “Kaspersky Lab is a great example of an organization that prioritizes security at every level. They recognize the responsibility they have to protect customers—both enterprises and consumers—and are taking every step to ensure vulnerabilities are found and fixed before they can be exploited. The expansion of their program shows their commitment to investing in the global hacker community and ensuring their competitive edge in the security market.”

Source: Information Security Magazine