Kaspersky Lab opens up bug bounty programme to all researchers

News: The programme, in association with HackerOne, will last through February 2017.

By CBR Staff Writer

Kaspersky Lab has launched a bug bounty programme with HackerOne, initially offering up to $50,000 rewards to security researchers.

The bounty rewards will be available to researchers identifying vulnerabilities in the Russian company’s consumer and business products, Kaspersky Internet Security and Kaspersky Endpoint Security respectively.

In scope will be local privilege escalation, unauthorised access of user data, and remote code execution flaws in each product.

Kaspersky Lab’s online services, websites and other network services are out of scope.

The programme, which will run for six months, aims to improve Kaspersky Lab’s relationships with external security researchers.

Upon completion of the preliminary phase, Kaspersky Lab will assess the results to identify which other products and rewards should be included in the second phase of the programme.

Kaspersky Lab chief technology officer Nikita Shvetsov said: “Our bug bounty programme will help amplify the current internal and external mitigation measures we use to continuously improve the resiliency of our products.

“We think it’s time for all security companies, large and small, to work more closely with external security researchers by embracing bug bounty programs as an effective and necessary tool to help keep their products secure and their customers protected.”

Several companies have offered bounty rewards in recent years for finding flaws in their systems.

Last June, LinkedIn paid out more than $65,000 (£41,000) in private bug bounty prizes after 65 flaws were reported to the professional social network.

Microsoft also launched a bug bounty programme in 2014 in a bid to fix software vulnerabilities in its Trustworthy Computing department.
