Russian multinational cybersecurity firm and antivirus provider Kaspersky Lab has announced the extension of its Bug Bounty Program, first started in late summer last year.
In a press release, the company notes that since the beginning of its Bug Bounty Program on August 1, 2016, which was started in partnership with platform provider HackerOne and ran for six months, 20 bugs have been discovered across the two products that were subject to the initiative: Kaspersky Internet Security 2017 and Kaspersky Endpoint Security 10. That time frame constituted phase one of the program, and the firm is now kicking off phase two.
What's changed is the financial reward offered for discovery of remote code execution bugs, up to $5,000 from $2,000 previously, and the addition of Kaspersky Password Manager 8 to the line-up of target products. As opposed to phase one, now both "qualified individuals and organizations" can submit reports on the three Kaspersky products.
Commenting on the matter, Kaspersky's Chief Technology Officer, Nikita Shvetsov, stated:
The security of our customers is our priority. That is why we take independent research into our products very seriously and apply its results to constantly improve our best-in-class technologies. Since August, it is fair to say that our Bug Bounty Program has been successful in optimising our internal and external mitigation measures to continuously improve the resiliency of our products. That’s why we’ve decided to extend it. We appreciate the enthusiastic participation of security researchers worldwide. As a mark of our respect for the work they do in helping us to bolster our solutions, we’ve increased the remuneration on offer in this second phase of the program and extended the scope to include other important Kaspersky Lab products.
The cybersecurity firm is looking for people to test these three products on "Microsoft Windows 8.1, or a more recent Microsoft desktop OS", with specific intent to find local privilege escalation, user data compromise and remote code execution vulnerabilities. These would be rewarded, on average, with $1,000, $2,000, and $5,000 respectively.
More information about the program can be found on the appropriate page at HackerOne.