FireEye launches first public bug bounty program


Jessica Haworth 13 August 2020 at 15:35 UTC

Security vendor asks researchers to test its core infrastructure

FireEye has opened its bug bounty program to the public

FireEye has made its bug bounty program public, the security software company has announced.

Bug hunters are encouraged to submit reports to FireEye’s Bugcrowd program, which offers up to $2,500 in rewards.

FireEye, which is based in California, US, wants participants to focus on the company’s core infrastructure, according to a statement.

Steven Booth, vice president and CSO, said that despite FireEye’s “best efforts”, no company is able to protect itself against every security vulnerability.

Booth said: “The technology landscape is constantly expanding, and as such, there will always be emerging threats.



“While we’ve been heavily involved with responsible disclosure, including helping other companies set up and modify their own programs, we are taking the next step in this effort.

“To ensure we are continually improving our environment and security posture, and to recognize the valuable role the research community plays in bettering security across all industries, FireEye is introducing its public bug bounty program specific to our corporate infrastructure.”

Critical flaws will net researchers between £1,500 and $2,500, while low-severity vulnerabilities will earn between $50 and $150.

Third-party products that may be used by FireEye are out of scope, as are social engineering attacks, physical security attacks, and denial-of-service attacks.

Booth also noted that FireEye plans to expand the program to include more products and services “in the coming months”.

