Bountytalk - Forums Advertising & Bounty Hub
Other Bounties => Bug bounty programs => Topic started by: Angelina on May 02, 2023, 06:11:05 pm
-
Submit Bug Report
We at Kaspersky believe that everyone – from home computer users and small companies to large corporations and governments – has the right to be free from cybersecurity fears. We have therefore made it our mission to provide the world’s most effective, responsive and efficient protection against cyber-threats. However, for these rare occasions when unintended software flaws are discovered under various circumstances, our experts are always ready investigate the information reported to us and implement the best course of action in the tightest time period possible. We are following the guidelines of responsible disclosure to ensure our customers address potential vulnerabilities as quickly as possible and are able to mitigate the associated risks.
What is a vulnerability?
A Security Vulnerability is defined as a weakness or flaw found in a product or related service component(s) that could be exploited to allow an attacker to compromise the integrity and undermine the regular behavior of the product or service component(s), even when deployed in an approved and properly supported configuration.
Kaspersky policy on vulnerability reporting and disclosure
Kaspersky appreciates the important work of security researchers who identify and report potential vulnerabilities in Kaspersky products.
Security is critical to everything we do. We recognize the value that security researchers can provide in helping us maintain the high standard of security and privacy for our customers. This includes coordinating vulnerability research, mitigation, and disclosure. This policy outlines Kaspersky’s definition of good faith in the context of finding and reporting vulnerabilities, as well as what researchers can expect from us in return.
If you have discovered a security flaw in Kaspersky’s products, please report it to us so we can take the necessary measures to rectify the vulnerability as quickly as possible. Please report a vulnerability to us by emailing at Vulnerability@kaspersky.com or through our Bug Bounty program. To encrypt your message, please use this PGP key. Our BugBounty program is described here.
When you report, please have in mind these good practices:
Your contact details. Kaspersky specialists require information about how to address you and contact you for clarification of the data about the vulnerability you have discovered.
The name of the product in which you discovered the vulnerability, along with its version number and your device’s operating system.
Describe in detail the vulnerability you have discovered so that we can determine the nature and scale of the issue.
Please tell us whether you are planning to give information about the vulnerability to a third party.
Kaspersky will analyze the information you provide, provide a timely initial response to your submission, work to remediate vulnerabilities in a timely manner, and inform you of the results.