Introducing the New Avast Bug Bounty Program
Hello Avast fans!
It is my pleasure to officially announce the new Avast bug bounty program. As a security company, we very much realize that security bugs in software are reality. But we also realize that companies that are able to use their user communities to find and fix bugs are generally more successful that those that don't. Therefore, we have decided to reward individuals who help us find and fix security-related bugs in our own software. This makes us probably the first security vendor with a reward program like this: I think it's mainly because the other companies generally take the position that 'Hey, we're a security company. So we know security and it can't happen to us.' But in reality, that's not what's happening. Just look at bugtraq or the CVE databases and you will find that security software is no more immune to these issues than any other programs. A bit of irony, given that people generally install security software to fight security issues in the first place, isn't it?
We at Avast take this very seriously. We know that being a market leader (Avast has more users than any other AV company in the world), we're a very attractive target for the attackers. So, here's our call to action: let's unite and find and fix those bugs before the bad guys do!
Here's how it works:
How to report a bug and qualify for the bounty:
Finally, I'd like to say thanks to everyone who helps to find and fix bugs in our products. Hopefully, this new reward program will take this initiative to a whole new level.
P.S. The bug bounty rules are also available on our main website here.
Unrelated to the CCleaner attack, Avast also found ShadowPad samples active in South Korea and Russia, logging a financial transaction
Close to 50,000 Minecraft accounts infected with malware designed to reformat hard-drives and more.