AV vendor Avast has announced that it will sponsor a bug bounty program to reward researchers who discover flaws in its software. Avast, a Prague-based vendor of AV software popular among home and small business users, will focus the program on five types of flaws, paying as much as $3,000 per bug.
In order of importance, Avast says that bounties will be paid for disclosure of remote code execution flaws, local privilege escalation, denial-of-service, sandbox bypasses, and certain types of scanner bypasses.
Base payout is $200 per bug, but depending on the criticality of the bug (as well as its neatness) “the bounty goes much higher (each bug is judged independently by a panel of avast! experts). Remote code execution bugs pay at least $3,000 – $5,000 or more.”
The program is limited to Windows-based versions of Avast software only, meaning that a bug in a Microsoft library (even if it’s used by Avast) will not count. Payments will be made to PayPal accounts, but other considerations can be made on a case-by-case basis.
Additional details on the program are available here.