
    Kaspersky Lab Launches Bug Bounty Program With HackerOne

    By SEAN MICHAEL KERNER - August 3, 2016

      Kaspersky Lab is no stranger to the world of vulnerability research, but the company is now opening up and enabling third-party security researchers to disclose vulnerabilities in Kaspersky’s own software.

      The new effort is being conducted as a bug bounty program on the HackerOne platform. Kaspersky Lab is initially providing a total of $50,000 in bug bounties and is starting off with its Kaspersky Internet Security and Kaspersky Endpoint Security products as targets for researchers.

      “The initial phase will last six months, and based on the results of this first phase, we will revise our offering in terms of budget, scope of products and types of vulnerabilities covered moving forward,” Ryan Naraine, director of the Global Research & Analysis Team, U.S., at Kaspersky Lab, told eWEEK.

      Cyber-security companies have a higher level of responsibility to make sure their products are secure and their customers remain protected, and a bug bounty program is one of the tools that can help vendors strengthen their products, according to Naraine. He noted that Kaspersky conducted a successful invite-only beta bug bounty program and has now decided to make its program open for everyone.

      “The bug bounty program will supplement our overall internal strategy aimed at making our software products more secure,” Naraine said.

      Kaspersky Lab isn’t the only cyber-security vendor using HackerOne to run a bug bounty program. HackerOne also hosts public bug bounty programs for Cylance and Glasswire and helped the U.S. Department of Defense with the Hack the Pentagon program earlier this year.

      “Several other security vendors are still earlier in their programs with private, invitation-only programs on the platform,” Alex Rice, CTO and co-founder of HackerOne, told eWEEK.

      The market for bug bounty platforms is competitive, with several options beyond HackerOne available, including Bugcrowd and Synack. Rice said that Kaspersky Lab started out like most of its customers by running a private, or invitation-only, pilot with a select group of hackers. Following the success of this initial private pilot, Kaspersky’s program and security team are ready for a public program.

      Rice noted that HackerOne has more than 550 customers, yet only about a quarter of those customers are running public programs. According to Rice, the fact that Kaspersky is now running a public program speaks to Kaspersky’s maturity and ability to handle an increased volume of vulnerability reports.

      In addition, Rice said that Kaspersky Lab has had a long-standing Vulnerability Reporting and Disclosure policy that has enabled it to build a positive relationship with the security community.

      “When talking with the Kaspersky team, you are greeted with a genuine belief that security software should be held to a higher standard,” he said. “They want to learn about as many weaknesses as possible so that they can be quickly eliminated and the bar raised.”

      Kaspersky has been the target of third-party researchers in the past, including Google Project Zero researcher Tavis Ormandy in 2015. One of the incredible strengths of the security research community is the diversity of motivations behind their work, Rice said.

      “While many researchers—including Project Zero—are motivated primarily by the intellectual challenge and altruism, providing additional incentives to attract the broadest set of eyeballs is just good common sense,” he said. “We look forward to working with any researchers who have identified a vulnerability.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
