FireEye Announces Bug Bounty Program

California cybersecurity company FireEye today announced that it is opening up its bug bounty program to the public. 

FireEye previously set up a private bug bounty program in partnership with Bugcrowd. As of today, the company is extending the program to any researcher who registers through the Bugcrowd platform.  

A spokesperson for FireEye said: "While we’ve been heavily involved with responsible disclosure, including helping other companies set up and modify their own programs, we are taking the next step in this effort."

Over the coming months, researchers will be invited to seek out weaknesses in FireEye's products, services, business applications, and infrastructure security. Cash rewards ranging from $50 to $2,500 will be offered per vulnerability detected. 

Vulnerabilities submitted as part of the program will typically be accepted or rejected within 5 days. 

A spokesperson for the company said: "As security researchers ourselves, FireEye understands the importance of investigating and responding to security issues. We also realize that despite our efforts to eradicate security vulnerabilities from our products and services, there will always be emerging threats, new vulnerabilities, and opportunities to improve. 

"To that end, FireEye believes wholeheartedly in embracing the public research community when security issues are discovered and working with security researchers to fix the identified issue and remediate any related and/or underlying systemic issues to further improve our security posture."

Threats are split into four different levels of technical severity ranging from low to critical. Th ..

Support the originator by clicking the read the rest link below.