Kaspersky Lab has informed researchers that its bug bounty program has been extended. The company has also decided to add a new product to its program and increase the maximum reward.
Kaspersky launched its HackerOne-powered bug bounty program in August 2016. The first phase, which lasted for six months and promised a total of $50,000 in bounties, led to the discovery of more than 20 flaws.
Given the program’s success so far, the security firm has decided to extend it and make some changes. Bug bounty hunters can now earn rewards for finding vulnerabilities in Kaspersky Password Manager 8. Until now, only Kaspersky Internet Security 2017 and Kaspersky Endpoint Security 10 were in scope.
The security firm also announced that the maxim reward for remote code execution vulnerabilities has been increased from $2,000 to $5,000. White hat hackers can earn, on average, $1,000 for local privilege escalation flaws and $2,000 for sensitive information disclosure issues. The minimum reward is $300.
“Since August, it is fair to say that our Bug Bounty Program has been successful in optimising our internal and external mitigation measures to continuously improve the resiliency of our products. That’s why we’ve decided to extend it,” said Nikita Shvetsov, Chief Technology Officer at Kaspersky Lab.
“We appreciate the enthusiastic participation of security researchers worldwide. As a mark of our respect for the work they do in helping us to bolster our solutions, we’ve increased the remuneration on offer in this second phase of the program and extended the scope to include other important Kaspersky Lab products,” Shvetsov added.
Google Project Zero researcher Tavis Ormandy has reported finding several vulnerabilities in Kaspersky products in the past years. The most recent, disclosed in January, was related to how the security firm’s products inspect SSL/TLS connections.
Related: Attackers Can Hijack Security Products via Microsoft Tool
Related: Kaspersky Patches Critical Vulnerability in Antivirus Products
Related: Kaspersky Patches Flaw in “Network Attack Blocker” Feature

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- macOS 14 Sonoma Patches 60 Vulnerabilities
- New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
- Microsoft Adding New Security Features to Windows 11
- Sony Investigating After Hackers Offer to Sell Stolen Data
- 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
- Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
Latest News
- Google Open Sources Binary File Comparison Tool BinDiff
- macOS 14 Sonoma Patches 60 Vulnerabilities
- New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
- Microsoft Adding New Security Features to Windows 11
- UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor
- Sony Investigating After Hackers Offer to Sell Stolen Data
- The CISO Carousel and its Effect on Enterprise Cybersecurity
- Xenomorph Android Banking Trojan Targeting Users in US, Canada
