Kaspersky Lab introduces bug bounty programme

By Staff Writer, ITWeb
Johannesburg, 10 Aug 2016
Through the bug bounty programme, researchers will examine and evaluate the company's flagship products, says Kaspersky Lab's Nikita Shvetsov.

Kaspersky Lab is inviting security researchers from all corners of the world to participate in its recently introduced Kaspersky Lab Bug Bounty Program.

Through the programme, the software security company says it aims to further bolster its mitigation strategy for addressing inherent software vulnerabilities while also enhancing its relationship with external security researchers.

The first phase of the bug bounty programme, held in partnership with bug bounty platform provider HackerOne, will officially begin on 1 September 2016 and last for a six-month period. During this initial phase, Kaspersky Lab says it will offer a total of $50 000 in bounty rewards to security researchers.

Nikita Shvetsov, chief technology officer at Kaspersky Lab, says the bug bounty participants will examine the company's flagship products for consumers and enterprises, and evaluate the results to determine what additional products and rewards should be included in the second phase of its bounty programme.

"Our bug bounty programme will help amplify the current internal and external mitigation measures we use to continuously improve the resiliency of our products. We think it's time for all security companies, large and small, to work more closely with external security researchers by embracing bug bounty programmes as an effective and necessary tool to help keep their products secure and their customers protected," he explains.

Alex Rice, CTO and co-founder of HackerOne, says his company is excited to partner with Kaspersky Lab to run the most competitive bug bounty programme while protecting customers' software.

"Vulnerabilities are inevitable and bug bounty programmes are proven to supplement traditional security best practices with the help of the incredibly diverse global hacker community," notes Rice.

Kaspersky Lab joins dozens of firms that already offer payments to researchers who help uncover flaws in their products. Apple recently announced plans to offer rewards of up to $200 000 to researchers who find critical security bugs in its products.

The maker of iPhones and iPads provided Reuters with details of the plan, which includes some of the biggest bounties offered to date, ahead of unveiling it at the Black Hat cyber-security conference in Las Vegas last week.

The programme will initially be limited to about two dozen researchers whom Apple will invite to help identify hard-to-uncover security bugs in five specific categories.
