Kaspersky Lab Increases Rewards With Extended Bug Bounty Programme


Security researchers will now receive $5,000 (£3,974) for discovering remote code execution bugs in Kaspersky products

Kaspersky Lab has extended its bug bounty programme, adding another product to the initiative and upping the rewards on offer in an effort to encourage more white-hat hackers to submit reports on vulnerabilities.

When the programme was first launched in August 2016, researchers only had access to Kaspersky Internet Security 2017 and Kaspersky Endpoint Security 10, but Kaspersky Password Manager 8 has now been added to the mix.

In terms of rewards, researchers will now receive $5,000 (£3,974) for remote code execution bugs, compared to the previous sum of $2,000 (£1,588). Also on offer is $1,000 (£780) for local privilege escalation bugs and $2,000 for user data compromises.


Bug bounty

The programme was created in partnership with bug bounty platform provider HackerOne, and it has so far been a successful one for Kaspersky, with around 20 bugs uncovered in just six months.

“The security of our customers is our priority. That is why we take independent research into our products very seriously and apply its results to constantly improve our best-in-class technologies”, said Nikita Shvetsov, Chief Technology Officer at Kaspersky Lab. “Since August, it is fair to say that our Bug Bounty Program has been successful in optimising our internal and external mitigation measures to continuously improve the resiliency of our products.

“That’s why we’ve decided to extend it. We appreciate the enthusiastic participation of security researchers worldwide. As a mark of our respect for the work they do in helping us to bolster our solutions, we’ve increased the remuneration on offer in this second phase of the program and extended the scope to include other important Kaspersky Lab products.”

Alex Rice, co-founder and CTO at HackerOne, said the expansion shows Kaspersky’s “commitment to investing in the global hacker community”.

Bug bounty programmes have become lucrative options for white-hat hackers and security researchers. Google, for example, paid out nearly $1 million (£780,000) for each Chrome and Android bug discovered in 2016, with over 1,000 people receiving rewards.

Facebook also paid one researcher $40,000 (£32,500) for spotting a bug and Apple launched a $200,000 (£155,000) bug bounty programme of its own, showing that the money is definitely there for ethical hackers looking to cash in.
