Kaspersky Lab has upped the high end of its bug bounty rewards program to US$ 100,000 (£72,000) for severe vulnerabilities that allow remote code execution (RCE) through the database update channel.
Specifically, the company is targeting bugs that can be exploited to launch malware code silently, hidden from the user, in the high-privilege process in the most recent beta versions of Kaspersky Internet Security 2019 (https://goo.gl/UbkohE) and Kaspersky Endpoint Security 11 (https://goo.gl/Z9xCjL), and which can survive a system reboot.
Other RCE vulnerabilities will net researchers US$ 5,000 (£3,601) to US$ 20,000 (£14,407), depending on their complexity.
“Finding and fixing bugs is a priority for us as a software company. We invite security researchers to make sure there are no vulnerabilities in our products,” said Kaspersky Lab CEO and founder Eugene Kaspersky of the program that began in 2016 and is administered on the HackerOne platform. “The immunity of our code and highest levels of protection that we offer customers is a core principle of our business – and a fundamental pillar of our Global Transparency Initiative.”