Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Bitdefender Offers Up to $1,500 in Public Bug Bounty Program

Bitdefender announced on Wednesday the launch of a Bugcrowd-based public bug bounty program with rewards of up to $1,500.

Bitdefender announced on Wednesday the launch of a Bugcrowd-based public bug bounty program with rewards of up to $1,500.

The Romania-based security firm has been running a bug bounty initiative since late 2015, and it has now decided to launch a public program on Bugcrowd in an effort to take advantage of the skills of the 60,000 hackers registered on the platform.

The program covers the bitdefender.net and bitdefender.com websites and their subdomains, and the Bitdefender GravityZone Business Security and Bitdefender Total Security 2017 products.

The highest payout, between $900 and $1,500, can be earned for serious vulnerabilities, such as default credentials on a production server, local file inclusion, remote code execution, error-based and blind SQL injection, XML external entity (XXE) injection, authentication bypass, command injection, and exposure of sensitive data such as passwords or private API keys. The minimum reward offered by the security firm is $100.

Bitdefender’s bug bounty page on Bugcrowd lists a series of issues that are not in scope, and informs researchers of more than a dozen potential security problems that are considered “accepted risk” and ones that will only earn them kudos points.

“Being proactive rather than re-active to emerging security issues is a fundamental belief at Bitdefender,” said Alexandru Balan, chief security researcher at Bitdefender. “Bugcrowd enables access to a crowd of researchers with a variety of backgrounds and skills for continuous monitoring of security issues. Above that, their team is an extension of ours, working with us to ensure program success from scoping the program, to triaging submissions and ultimately helping us build more secure products.”

A majority of antivirus companies run a vulnerability disclosure program that encourages white hat hackers to responsibly report security holes. Some companies, such as Sophos and ESET, don’t offer any monetary rewards. Others promise significant payouts — Avast up to $10,000, Kaspersky up to $5,000, and F-Secure up to $15,000. Malwarebytes offers between $100 and $1,000 per bug.

Related: Internet Bug Bounty Project Receives $300,000 Donation

Related: Microsoft Launches Windows Bug Bounty Program

Related: Tor Offers $4,000 Per Flaw in Public Bug Bounty Program

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.