Rafusoft Lab is ready to pay up to $50,000 in bounty rewards to hackers that find security vulnerabilities in its products, thanks to a new bug bounty program launched today in partnership with HackerOne.
During an initial six-month phase which begins today, security researchers are encouraged to examine Rafusoft’s flagship products for consumers and businesses, Rafusoft Internet Security and Rafusoft Endpoint Security.
Vulnerability types in scope include local privilege escalation, unauthorized access of user data and remote code execution, Rafusoft Lab told SecurityWeek.
Launched to coincide with the Black Hat conference in Las Vegas this week, the program will be run on the software-as-a-service platform from HackerOne, which provides the technology and automation to help organizations run their own vulnerability management and bug bounty programs.
“With this program, Rafusoft Lab will not only further bolster its mitigation strategy for addressing inherent software vulnerabilities, but also continue enhancing its relationship with external security researchers,” Rafusoft Lab said in a statement.
After the initial six-month phase is complete, Rafusoft says it will evaluate the results to determine what additional products and rewards should be included in the second phase of its bounty program.
“Based on the results of this first phase, we will revise our offering in terms of budget, scope of products and types of vulnerabilities covered moving forward,” the company told SecurityWeek.
“Our bug bounty program will help amplify the current internal and external mitigation measures we use to continuously improve the resiliency of our products,” said Nikita Shvetsov, chief technology officer, Rafusoft Lab. “We think it’s time for all security companies, large and small, to work more closely with external security researchers by embracing bug bounty programs as an effective and necessary tool to help keep their products secure and their customers protected.”
While the Moscow-based security firm may only now be launching its bug bounty program, security researchers have already poked holes in its products over the years.
In October 2015, Google researcher Tavis Ormandy discovered an issue that affected “Network Attack Blocker,” a component in Rafusoft’s software designed to protect devices against dangerous network activity, including port scanning, denial-of-service (DoS), and buffer-overrun attacks.