Security solutions provider Avast has launched a new bounty program which gives researchers the opportunity to make some honest money by responsibly reporting the vulnerabilities they identify in the company’s products. This probably makes Avast the first security vendor to initiate such a program.
The issues that qualify for Avast’s bug bounty program are: remote code execution, local privilege escalation, denial-of-service (DOS), Sandbox escapes, and certain scanner bypasses.
The rewards start at $200 (150 EUR), but they can be as high as $5,000 (3,750 EUR) for remote code execution vulnerabilities.
Security experts who want to submit their findings can use the firstname.lastname@example.org email address. However, take note that the information you submit must be sufficient to allow the company to reproduce the flaw.
Additional details are available on Avast’s blog.