If you’re a white hat hacker who enjoys seeking out vulnerabilities and day-one exploits in software, Kaspersky has some good news for you.
The cybersecurity firm has just increased the amount it’s offering in its Bug Bounty program up to $100 000, for individuals who can identify and report severe vulnerabilities in some of its leading products.
“The opportunity to get this bounty is available to all members of the famous HackerOne platform, Kaspersky Lab’s partner for the Bug Bounty initiative,” the firm said in a statement. “This is a 20-fold increase on existing rewards, and is evidence of the company’s commitment to ensuring the complete integrity of its products and protection for customers.”
Now, this doesn’t mean anyone who finds an exploit in Kaspersky’s software is in line for $100K. Rather, it’s a tiered reward program in which bounties are offered for the discovery of different types of remote code execution; bounties can range from $5 000 to $20 000 depending on how complex the vulnerabilities are.
The $100 000 reward is being offered for “the discovery of bugs that enable remote code execution via the product database update channel, with the launch of malware code taking place silently from the user in the product’s high privilege process and being able to survive the reboot of the system.”
The products Kaspersky wants investigated are as follows:
- Kaspersky Internet Security 2019
- Kaspersky Endpoint Security 11 (the most recent beta), running on Desktop Windows version 8.1 or higher, with the most recent updates installed.
“Finding and fixing bugs is a priority for us as a software company,” said Kaspersky CEO Eugene Kaspersky.
“We invite security researchers to make sure there are no vulnerabilities in our products. The immunity of our code and highest levels of protection that we offer customers is a core principle of our business – and a fundamental pillar of our Global Transparency Initiative.”