Hot on the heels of a $6 million seed funding round, cybersecurity startup SquareX today announced a six-week bug bounty program focused on its new cloud-based browser security solution.
Integrating with the browser as an extension, the solution protects users from malware and also allows them to remain private online, through temporary containers that SquareX calls ‘disposable browsers’.
Headless browsers running in data centers, these containers keep users safe from threats when they check emails, stream content, create documents, or access banking and ecommerce accounts.
Singapore-based SquareX has made its solution available in beta to a limited number of users and is now looking for help in identifying and squashing security bugs in its product as it is gearing up for the official launch.
Running from June 15 to July 27, the bug bounty program welcomes hackers, security researchers, and the wider community to test the browser-based solution and report any security defects that might emerge.
As part of the program, SquareX promises a total of $25,000 in bug bounty rewards to the reporting researchers.
The highest payout is $2,000, for critical-severity vulnerabilities. Reporting researchers may earn $1,000 for high-severity issues, $500 for medium-severity bugs, and $100 for low-severity flaws.
Within the scope of the program, SquareX lists the malware.rip and malwareriplabs.com websites and subdomains, along with the Disposable File Viewer launched via malware.rip.
Reports are accepted for container escapes, internet access within the container, flaws allowing access to other user sessions, attacks on Kubernetes, and bugs allowing extended lifetime of the container.
The reports, the company says, should include information on the impacted web application, a description of the flaw and its impact, steps to replicate the issue, proof-of-concept code, and screenshots or video recordings of the problem.
Reporting researchers may also need to provide copies of an identity card and PayPal account details, when asked.
Additional information can be found on the bug bounty program’s web page.