It’s open season for Avira bug hunters. Avira has opened up its bug hunting program with Bugcrowd to all comers: https://bugcrowd.com/avira
Successful bug hunters can earn up to $2,500 for uncovering issues in Avira Free Antivirus and Avira Launcher Windows from the PC client side of the application. Notices about the expanded bug season have been posted in Facebook, LinkedIn, and Twitter.
— bugcrowd (@Bugcrowd) 20. Juni 2016
The planned transition to an open playing field comes two-thirds of the way through Avira’s first bug hunting season. Previously, it was set up as a private bounty program open only to invited hackers. The program set to run for at least four more weeks. To participate, want-to-be bug hunters have to first register with Bugcrowd – then it is happy hunting.
“We’ve already paid out around $8,000 to researchers who use Bugcrowd and we are ready to pay out more,” said Patrick Lichtner, head of global technical support at Avira. “Typically, these guys are ethically active hackers that are trying to fix – not exploit – the issues they discover.”
The program brings multiple benefits to Avira and its users, explains Patrick: “For us, we are having relevant security bugs quickly brought to our attention. Our users benefit from this by having a more secure and stable software.”
Bounty programs are a popular way for companies to root out potential issues in their software. Other companies with ongoing programs include Facebook, Google, and Yahoo. By rewarding hackers for finding and reporting vulnerabilities, companies increase the security of their products and reduce the chances that hackers will misuse their discoveries as zero-day threats.