Kaspersky extends bug bounty program after successful first phase

Published on: 18 Apr 2017

Kaspersky has extended its bug bounty program to encourage qualified individuals and organisations to submit reports on vulnerabilities found in the company’s products.

Roughly 20 bugs were uncovered in the program’s initial six-month phase, which saw researchers examine Kaspersky Internet Security 2017 and Kaspersky Endpoint Security 10, the company’s flagship products for consumers and enterprises.

Now, the company is also including its Password Manager 8 and has upped rewards for remote code execution bugs from $2,000 to $5,000 (£1,589-£3,973) as an extra incentive for researchers.

Bug bounty programs are deemed to be an effective way for security companies to incentivise external researchers to safely find and disclose software vulnerabilities, while helping companies continuously improve their security tools and provide multiple layers of protection for customers.

Kaspersky Lab’s chief technology officer Nikita Shvetsov said the company more than doubled rewards as a mark of respect for the work researchers do in helping to bolster its solutions.

She added: “It is fair to say that our Bug Bounty Program has been successful in optimising our internal and external mitigation measures to continuously improve the resiliency of our products, which is why we’ve decided to extend it.”

Visit hackerone.com/kaspersky for more information on Kaspersky Lab’s Bug Bounty Program including rewards and rules.