.JPG)
Prizes of up to US$ 100K will be distributed for finding faults
Kaspersky Lab is expanding its bug bounty program, called the Bug Bounty, to include awards of up to US$ 100,000 for the responsible discovery and disclosure of serious vulnerabilities in some of its flagship products, as part of the Global Transparency Initiative. All members of the well-known HackerOne platform, Kaspersky Lab's partner in the bug-finding program initiative, have the opportunity to earn this reward. The new awards are 20 times larger than the existing ones and are in line with the company's commitment to ensuring the total integrity of its products and the protection of its customers.
The top prize will be awarded for discovering flaws that allow remote code execution through the product's database update channel, where malware is executed silently by the user in the high-privileged product process, being able to survive to system restart. Vulnerabilities that allow remote execution of other types of code will receive awards ranging from US$ 5,000 to US$ 20,000 (depending on the vulnerability's level of complexity). Bugs that allow local privileges to be gained or that lead to the disclosure of sensitive data will also receive generous rewards.
Prizes will be distributed for the discovery of previously unknown vulnerabilities in the following products: Kaspersky Internet Security 2019 (latest beta version) and Kaspersky Endpoint Security 11 (latest beta version), running on Windows for Desktop version 8.1 or higher, with the latest updates recently installed.
More details on requirements and qualifications are available at: https://hackerone.com/kaspersky
Commenting on the expansion of the bug bounty program awards, Eugene Kaspersky, CEO of Kaspersky Lab, said that “discovering and fixing bugs is a priority for the company. We invite security researchers to help us ensure there are no vulnerabilities in our products. The immunity of our code and the highest levels of protection we offer to our customers are core principles of our company and a fundamental pillar of our Global Transparency Initiative.”
The bug bounty program, launched in 2016, encourages independent security researchers to complement the company's vulnerability detection and mitigation work. The program has already enabled more than 70 bug reports related to Kaspersky Lab products and services to be resolved, making them even more secure.
THE Global Transparency Initiative of the company, announced on October 23, 2017, was created to mobilize the general information security community and other stakeholders to validate and verify Kaspersky Lab's products, internal processes and business operations, as well as introduce additional accountability mechanisms with which the company can demonstrate that it takes care of all security problems in an immediate and detailed manner.
EN 
PT 
