They pay up to 100K dollars for vulnerabilities in Kaspersky Lab's anti-viruses

As part of the Global Transparency Initiative launched, Kaspersky Lab expands the Bug Bounty program for prizes of up to $ 100,000 for the detection and responsible disclosure of serious security vulnerabilities in some of its leading products. All members of the well-known platform HackerOne, a partner of Kaspersky Lab in connection with the Bug Bounty initiative, have a chance to win the prize.

The prize for gaps in Kaspersky Lab anti-viruses

100K dollars for vulnerabilities in Kaspersky Lab anti-viruses

The highest reward will be granted for the detection of errors that allow remote code execution through the product database update channel, when the malicious code is launched without the user's knowledge in one of the Kaspersky Lab's high-level software processes and can survive the system restart. For detection of vulnerabilities that allow other methods of remote code execution, rewards of $ 5,000 to $ 20,000 will be granted (depending on the complexity level of the vulnerability). Prizes will also be paid if errors are identified that could increase local privileges or may result in the disclosure of confidential data.

The prizes are awarded for the detection of previously unknown vulnerabilities in the following products: Kaspersky Internet Security 2019 (the latest beta) and Kaspersky Endpoint Security 11 (the latest beta) running on Windows 8.1 or newer with the latest updates installed. Further details about the requirements are available at https://hackerone.com/kaspersky .

The amount has been increased 20 times compared to previous awards and shows that the company strives to ensure the total integrity of its products and the best protection for customers.

Commenting on the increase in the value of Bug Bounty awards, Eugene Kasperski, CEO of Kaspersky Lab, said:

Finding and removing errors is a priority for us as a software development company. We invite security researchers because we want to make sure that our products do not contain security holes. The robustness of our code and the highest level of protection offered to our clients is the basic principle of our business - and the fundamental pillar of our Global Transparency Initiative.

Kaspersky Lab launched its own Bug Bounty program in 2016. The initiative aims to encourage independent security researchers to supplement their own operations in the area of ​​detection and mitigation of security vulnerabilities. The effect of the program was to report and remove over 70 errors related to Kaspersky Lab's products and services.



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.