Bug bounty program for software vulnerabilities

Kaspersky Lab recently launched a bug bounty program with HackerOne. The first phase of the program will run for a six-month period, with a total of $50,000 in bounty rewards offered to security researchers. Participants will examine flagship products and, after the preliminary phase is complete, the company will evaluate the results to determine what additional products and rewards should be included in the second phase of its bounty program. 

Today’s cyberthreat landscape is becoming increasingly complex, requiring security companies to continuously identify and implement effective tools in order to provide the most robust level of protection. Bug bounty programs are an effective security measure that incentivises external researchers to safely find and disclose software vulnerabilities to companies. As a result, these organisations are able to fix the reported issues without placing customers at risk.  

“Our bug bounty program will help amplify the current internal and external mitigation measures we use to continuously improve the resiliency of our products,” said Nikita Shvetsov, chief technology officer at Kaspersky Lab. “We think it’s time for all security companies, large and small, to work more closely with external security researchers by embracing bug bounty programs as an effective and necessary tool to help keep their products secure and their customers protected.” 

“Vulnerabilities are inevitable and bug bounty programs are proven to supplement traditional security best practices with the help of the incredibly diverse global hacker community,” said Alex Rice, CTO and co-founder, HackerOne. 

Image credit: ©iStockphoto.com/Vlad Kochelaevskiy