Kaspersky Lab offers $100 000 for finding bugs
Security giant Kaspersky Lab has boosted its bug bounty program to include rewards of up to $100 000 for the discovery and responsible disclosure of severe vulnerabilities in some of its products.
All members of the HackerOne platform, Kaspersky Lab's partner for the Bug Bounty initiative are eligible for the bounty, which is a 20-fold increase on existing rewards.
The highest reward is available for the discovery of bugs that enable remote code execution via the product database update channel, with the launch of malware code taking place silently from the user in the product's high privilege process and being able to survive the reboot of the system.
The discovery of vulnerabilities that allow other types of remote code execution will be awarded bounties ranging from $5 000 to $20 000, depending on the level of complexity of a particular vulnerability, says Kaspersky.
Bugs allowing local privilege escalation, or leading to sensitive data disclosure will also be awarded bounty payouts.
Rewards are available for the discovery of previously unknown vulnerabilities in the following products: Kaspersky Internet Security 2019 and Kaspersky Endpoint Security 11, the most recent beta, running on Desktop Windows version 8.1 or higher, with the most recent updates installed.
Eugene Kaspersky, CEO of Kaspersky Lab, says discovering and fixing bugs is a priority for his organisation. "We invite security researchers to make sure there are no vulnerabilities in our products. The immunity of our code and highest levels of protection that we offer customers is a core principal of our business."
Kaspersky Lab's bounty program, debuted in 2016, and invites independent security researchers to supplement the company's own work in vulnerability detection and mitigation.
The program has already led to more than 70 bug reports related to Kaspersky Lab products and services being resolved.
Further details of requirements and eligibility are available here.