Kaspersky Lab launches bug bounty program

Researchers will be awarded a total of $50,000 for vulnerabilities during the pilot stage.
Written by Charlie Osborne, Contributing Writer

Kaspersky Lab has launched a bug bounty program to boost the security of the firm's products -- as well as make fresh ties with other researchers.

On Tuesday, the company announced the program at the Black Hat USA conference. The bug bounty scheme will be hosted through the HackerOne platform.

The Moscow, Russia-based firm says the scheme will not only improve software vulnerability detection and patching but will continue to "enhance its relationship with external security researchers."

In a world where cyberattacks are a daily occurrence and a skills shortage is leaving many businesses hanging, bug bounty programs have become a popular way to get as many white hat researchers' eyes as possible on software.

It is now rarely enough to simply offer hall of fame credit for vulnerability disclosures; instead, companies use established platforms, communication channels, and financial rewards to gain the expertise needed to keep their software and systems as safe as possible.

As Kaspersky says, these programs allow organizations to fix problems "without placing customers at risk."

The first phase of the bug bounty program begins officially on August 2 and will last for six months.

During this time, the cybersecurity firm will offer a total of $50,000 in rewards to researchers who disclose bugs and vulnerabilities within the firm's products.

Currently, only Kaspersky Internet Security and Kaspersky Endpoint Security are part of the program.

Once this stage is complete, the company will decide which additional products -- and reward levels -- should be included in the second phase.

"Our bug bounty program will help amplify the current internal and external mitigation measures we use to continuously improve the resiliency of our products," said Nikita Shvetsov, chief technology officer at Kaspersky Lab.

"We think it's time for all security companies, large and small, to work more closely with external security researchers by embracing bug bounty programs as an effective and necessary tool to help keep their products secure and their customers protected," Shvetsov added.
