Taking another step towards security, the cybersecurity firm FireEye has publicly launched its bug bounty program. While the program initially started as a private program, the firm now invites all bug hunters for participation.
FireEye Bug Bounty Program
Reportedly, US-based cybersecurity firm FireEye has announced its bug bounty program for all.
As stated in a recent post,
To ensure we are continually improving our environment and security posture, and to recognize the valuable role the research community plays in bettering security across all industries, FireEye is introducing its public bug bounty program specific to our corporate infrastructure.
The company, despite providing security solutions to various firms, believes that adequate management of security requires more efforts that may not be possible single-handedly. Hence, the firm now invites all bug bounty hunters to facilitate them in ensuring an inclusive security status.
The company has been running the program privately in the previous few months. But they have now made it public inviting everyone to the Bugcrowd platform.
$50 To $2500 Bounties Announced
According to the details, FireEye has presently focused its bounty program on the security of its corporate infrastructure. For now, the program does not include the firm’s products and services. Nonetheless, they do plan to expand the bug bounty program in the coming months.
Sharing the details about the rewards on their Bugcrowd page, they stated the rewards ranging between $50 and $2500. Here is the breakdown of the rewards for different bugs.
- Critical: $1500-$2500
- Severe: $800-$1250
- Moderate: $200-$500
- Low: $50-$150
They further explain that the program will use the Bugcrowd Vulnerability Rating Taxonomy to classify the bugs. Nonetheless, depending upon the impact and probability of a bug, the vulnerability priority may experience a change.
For details about the eligibility criteria and out-of-scope issues, please visit the bug bounty program page.