Kaspersky Lab Adds $100K Payout to Bug Bounty Program

Kaspersky Lab is extending its bug bounty program to include rewards of up to $100,000.

The new top-end award will be for the discovery and responsible disclosure of severe vulnerabilities in some of the firm’s flagship products, and it represents a twentyfold increase on existing reward levels.

Examples of qualifying discoveries include bugs that enable remote code execution via the product database update channel, where the malicious code launches silently, without the user noticing, in the product’s high-privilege process and is able to survive a reboot of the system.

Vulnerabilities allowing other types of remote code execution will be awarded bounties ranging from $5,000 to $20,000 (depending on the level of complexity of a given vulnerability). Bugs allowing local privilege escalation, or leading to sensitive data disclosure, will also now be awarded bounty payouts. 

Rewards are available for the discovery of previously unknown vulnerabilities in Kaspersky Internet Security 2019 and Kaspersky Endpoint Security 11 (the most recent beta), running on desktop Windows version 8.1 or higher, with the most recent updates installed.

“Finding and fixing bugs is a priority for us as a software company,” said Eugene Kaspersky, CEO of Kaspersky Lab. “We invite security researchers to make sure there are no vulnerabilities in our products. The immunity of our code and highest levels of protection that we offer customers is a core principle of our business – and a fundamental pillar of our Global Transparency Initiative.”

The company’s bug bounty program was launched in 2016 on the HackerOne platform.
