Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

F-Secure Revamps Bug Bounty Program

Finland-based security solutions provider F-Secure announced this week the launch of a bug bounty program that covers several of the company’s corporate and consumer products.

Finland-based security solutions provider F-Secure announced this week the launch of a bug bounty program that covers several of the company’s corporate and consumer products.

F-Secure launched its vulnerability reward program in the spring of 2014 and suspended it in February 2015. The initial program only covered F-Secure Younited storage services.

The company has now relaunched its bug bounty program and expanded it to include many of the firm’s products. The new program includes consumer products such as F-Secure SAFE, Internet Security, Freedom, and Key, and corporate solutions such as F-Secure Client Security, Server Security, Email and Server Security, Internet Gatekeeper, Linux Security, and Protection Service for Business (PSB) products.

Experts who find vulnerabilities in these applications can earn between €100 ($110) and €15,000 ($16,500).

The reported vulnerabilities are only eligible for a reward if they can be reproduced on the newest versions of the targeted software obtained from F-Secure’s website, Google Play, the Apple App Store, and the Windows Phone Store. In the case of mobile products, the exploit must work on non-rooted, non-jailbroken devices that run a version of firmware no older than one year. In the case of desktop clients, the exploit must work without administrator or root access.

Bugs in third-party components delivered as part of the F-Secure application and flaws in the underlying platform can also be eligible.

Researchers who identify vulnerabilities in the covered products are advised to report them to security(at)f-secure.com, preferably by encrypting the email. The submission must include a description of the issue, its location and steps to reproduce, and the product version affected. In the case of services, the reporter must specify the date and time when the vulnerability could be reproduced.

While some companies threaten to take legal action against researchers who reverse engineer their products, participants in F-Secure’s program are granted permission to decompile and reverse engineer the company’s applications.

Advertisement. Scroll to continue reading.

Researchers often find serious vulnerabilities in security products. A perfect example is the work of Google researcher Tavis Ormandy, who identified several flaws in Kaspersky Lab anti-virus products over the past months.

Related Reading: Invitation-Only Bug Bounty Programs Becoming More Popular

Related Reading: Microsoft Launches Bug Bounty Program for .NET Core, ASP.NET Beta

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.