show image

Kaspersky vows to hand out bug bounty rewards of up to $100,000

Russian cyber security firm Kaspersky Lab is increasing its bug bounty rewards to up to $100,000, as part of a transparency drive aimed at regaining consumers’ trust.

The US government banned its agencies from using Kaspersky products last year following reports Russia had used its antivirus software to steal hacking tools from the NSA.

The firm denies it assisted Russia and has since launched a “Global Transparency Initiative” to engage the security community in verifying its products.

The programme’s biggest rewards will go to researchers who discover bugs that enable remote code execution via its product database update channel. The firm said the launch of the malware “must take place silently from the user in the product’s high privilege process and being able to survive the reboot of the system”.

“Finding and fixing bugs is a priority for us as a software company. We invite security researchers to make sure there are no vulnerabilities in our products,” said CEO Eugene Kaspersky. “The immunity of our code and highest levels of protection that we offer customers is a core principle of our business – and a fundamental pillar of our Global Transparency Initiative.”