Kaspersky Lab has announced the extension of its Bug Bounty Program, which encourages qualified individuals and organizations to submit reports on vulnerabilities and bugs found in its products. Initially launched in August 2016, in partnership with leading bug bounty platform provider HackerOne, the program has been successful in uncovering at least 20 bugs in six months. As a result, the program has been extended with increased rewards for security researchers that discover remote code execution bugs.
Under the initial Bug Bounty Program, researchers were asked to examine Kaspersky Lab’s flagship products for consumers and enterprise, Kaspersky Internet Security 2017 and Kaspersky Endpoint Security 10. The second phase of the program adds Kaspersky Password Manager 8 to the scope of the initiative. As an additional incentive, Kaspersky Lab has also increased the rewards for remote code execution bugs from $2000 to $5000.
With today’s increasingly complex security landscape, bug bounty programs are an effective way for security companies to incentivize external researchers to safely find software vulnerabilities. This strategy aids the continuous development of effective tools that provide the most effective level of protection for customers.
Nikita Shvetsov, Chief Technology Officer at Kaspersky Lab, commented: “The security of our customers is our priority. That is why we take independent research into our products very seriously and apply its results to constantly improve our best-in-class technologies. Since August, it is fair to say that our Bug Bounty Program has been successful in optimising our internal and external mitigation measures to continuously improve the resiliency of our products. That’s why we’ve decided to extend it. We appreciate the enthusiastic participation of security researchers worldwide. As a mark of our respect for the work they do in helping us to bolster our solutions, we’ve increased the remuneration on offer in this second phase of the program and extended the scope to include other important Kaspersky Lab products.”
“Kaspersky Lab is a great example of an organization that prioritizes security at every level,” said Alex Rice, co-founder and CTO at HackerOne. “They recognize the responsibility they have to protect customers — both enterprises and consumers — and are taking every step to ensure vulnerabilities are found and fixed before they can be exploited. The expansion of their program shows their commitment to investing in the global hacker community and ensuring their competitive edge in the security market.”
Further information on the Kaspersky Lab Bug Bounty Program, including details of eligibility, can be found here.