Kaspersky Lab launched a new contest that calls on hackers to search for and report vulnerabilities within the cybersecurity company’s flagship programs.
Announced Tuesday at the Black Hat USA Conference in Las Vegas, the six-month bug bounty encourages experts to uncover bugs within two programs — Kaspersky Internet Security 2017 and Kaspersky Endpoint Security. Kaspersky is offering rewards to hackers who expose three types of vulnerabilities, according to its site:
- $1,000 (on average) for local privilege escalation
- $2,000 (on average) for compromised, sensitive user data
- $2,000 (on average) for remote code execution
In the initial phase, the security company will offer a total of $50,000 in rewards. Kaspersky plans to offer more rewards during the second phase of the competition, which has not been announced yet.
HackerOne, a popular bounty platform, will host the program. In the past, HackerOne has also run bug bounties for the Department of Defense’s Hack the Pentagon program and for companies like Yahoo and Uber.
“Our bug bounty program will help amplify the current internal and external mitigation measures we use to continuously improve the resiliency of our products,” Kaspersky’s Chief Technology Officer Nikita Shvetsov said in a statement.
“We think it’s time for all security companies, large and small, to work more closely with external security researchers by embracing bug bounty programs as an effective and necessary tool to help keep their products secure and their customers protected,” he added.
Contact the reporter on this story via email: Jeremy.Snow@FedScoop.com.