{"id":5833,"date":"2016-08-02T13:00:40","date_gmt":"2016-08-02T13:00:40","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5833"},"modified":"2019-11-15T13:50:07","modified_gmt":"2019-11-15T11:50:07","slug":"bug-bounty","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/bug-bounty\/5833\/","title":{"rendered":"A license to hunt bugs"},"content":{"rendered":"<p>In the very near future, we will use the HackerOne platform to launch the <a href=\"http:\/\/hackerone.com\/kaspersky\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Lab Bug Bounty<\/a> program, which will give outside experts an opportunity to seek bugs in Kaspersky Lab\u2019s products and be rewarded for vulnerabilities they might find. We have been contemplating this option for quite some time. In 2015, we ran a closed bug bounty program, and after reviewing its results decided to make the program public and allow outside researchers to participate.<\/p>\n<p>All software developers want to create an ideal product. But nobody has made a truly perfect piece of software yet. With effort and know-how, you can find a few flaws or glitches in any program. The primary questions are how serious these deficiencies are and when they are likely to be found in the wild. Bugs obviously need to be detected before they give users any troubles \u2014 and, most important, before troublemakers find and exploit them.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>A license to hunt bugs #KLBH<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F4Nu8&amp;text=A+license+to+hunt+bugs+%23KLBH\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>As we said, perfect software simply does not yet exist, and though our programs are not an exception, we must keep trying. To minimize vulnerabilities in our products, we at Kaspersky Lab have already implemented a multilevel approach to testing our products as part of a secure software development life cycle. Before release, every Kaspersky Lab solution undergoes a rigorous internal audit. A team of professional testers from our quality assurance (QA) department analyzes the software, and our internal pen testers run penetration tests, too. In some cases, pilot deployments follow before we release our product to market. But to minimize the chance of criminals being able to find and exploit flaws, we decided to add another level of reliability testing.<\/p>\n<p>We believe that, because of their mission, security solutions must be picked over for vulnerabilities with the utmost care. Flaws in an office or entertainment application are problematic and can be annoying or even dangerous, but to exploit a regular software vulnerability, cybercriminals first have to bypass the defenses of information security solutions.<\/p>\n<p>Kaspersky Lab software has a definite advantage over that of most software developers because we pioneered instant updates. It is the nature of security solutions to require frequent updates \u2014 and I\u2019m not just talking about updating databases. Several years ago, Kaspersky Lab\u2019s products adopted a new method of supplying end users with instant updates, not only to databases but to the software itself. It enables instant installation of updated modules on most products and thereby quickly fixes any vulnerabilities. Thanks to this system (actually, thanks to the coordinated work of Kaspersky Lab developers and researchers), last year we managed to fix a few serious bugs within 24 hours.<\/p>\n<p>The Kaspersky Lab Bug Bounty program \u2014 in concert with HackerOne, a specialized platform for detecting vulnerabilities \u2014 officially starts on August 2, 2016. The program will last through February 2017.<\/p>\n<p>For more information on the program, the types of vulnerabilities bug hunters should focus on, and other conditions of participation <a href=\"http:\/\/hackerone.com\/kaspersky\" target=\"_blank\" rel=\"noopener nofollow\">see here<\/a>. We look forward to seeing how fresh eyes can help us make our products even better and more reliable.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the very near future, we will use the HackerOne platform to launch the Kaspersky Lab Bug Bounty program, which will give outside experts an opportunity to seek bugs in Kaspersky Lab\u2019s products and be rewarded for vulnerabilities they might find.<\/p>\n","protected":false},"author":2399,"featured_media":15323,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3021],"tags":[2449,882,2450,352,1756],"class_list":{"0":"post-5833","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-bounty","10":"tag-bugs","11":"tag-hunting","12":"tag-kaspersky-lab","13":"tag-klbh"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/bug-bounty\/5833\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/bug-bounty\/15051\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/bug-bounty\/5833\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/bug-bounty\/5833\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/bounty\/","name":"bounty"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/5833","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/2399"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=5833"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/5833\/revisions"}],"predecessor-version":[{"id":24318,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/5833\/revisions\/24318"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/15323"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=5833"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=5833"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=5833"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}