{"id":4065,"date":"2016-02-04T02:54:30","date_gmt":"2016-02-03T18:54:30","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4065"},"modified":"2016-02-04T02:54:56","modified_gmt":"2016-02-03T18:54:56","slug":"malwarebytes-bug-bounty-program-goes-live","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/02\/malwarebytes-bug-bounty-program-goes-live\/","title":{"rendered":"Malwarebytes Bug Bounty Program Goes Live"},"content":{"rendered":"

So Malwarebytes bug bounty program is live, the official name is actually Malwarebytes Coordinated Vulnerability Disclosure Program – what a mouthful (guidelines here<\/a>).<\/p>\n

\"Malwarebytes<\/p>\n

It’s good to see, bug bounty<\/a> programs typically tend to have a nett positive effect and end in win-win situations for researchers and software vendors alike.<\/p>\n

In an effort to encourage researchers to responsibly disclose security flaws found in its products, anti-malware company Malwarebytes announced on Monday the launch of a bug bounty program.<\/p>\n

The company is prepared to offer between $100 and $1,000 for eligible vulnerabilities, depending on how severe and exploitable they are. Bounty hunters are also offered an entry in the Malwarebytes Hall of Fame and \u201ccool Malwarebytes swag.\u201d<\/p>\n

Malwarebytes\u2019 Coordinated Vulnerability Disclosure program covers vulnerabilities found in the company\u2019s products and web services, particularly weaknesses that can lead to remote code execution or sensitive information disclosure. Experts are also encouraged to report crashes and stability issues, but these are generally considered not eligible for a bounty.<\/p>\n

In the case of vulnerabilities discovered by Malwarebytes in third-party products, the company\u2019s standard public disclosure deadline is 150 days.<\/p><\/blockquote>\n