Security vendor asks researchers to test its core infrastructure

FireEye has opened its bug bounty program to the public

UPDATED FireEye has made its bug bounty program public, the security software company has announced.

Bug hunters are encouraged to submit reports to FireEye’s Bugcrowd program, which offers up to $2,500 in rewards.

FireEye, which is based in California, US, wants participants to focus on the company’s core infrastructure, according to a statement.

Steven Booth, vice president and CSO, said that despite FireEye’s “best efforts”, no company is able to protect itself against every security vulnerability.

Booth said: “The technology landscape is constantly expanding, and as such, there will always be emerging threats.

“To ensure we are continually improving our environment and security posture, and to recognize the valuable role the research community plays in bettering security across all industries, FireEye is introducing its public bug bounty program specific to our corporate infrastructure.”

Critical flaws will net researchers between £1,500 and $2,500, while low-severity vulnerabilities will earn between $50 and $150.




Speaking to The Daily Swig, Matt Shelton, director of technology risk and threat intelligence at FireEye, said Bugcrowd was chosen to manage the program due to its reputation as a “leader”.

Shelton said: “FireEye selected Bugcrowd based on their reputation as a leader in the bug bounty space.

“We wanted to leverage the expertise of their support staff to help triage submissions and communicate with researchers.

“Additionally, we wanted to leverage the crowd to help us prove and enhance FireEye’s security.”

He added: “As a security company, FireEye holds itself to a higher standard. We want to do all we can to ensure our products and services are secure, including leveraging the greater research community.”

Third-party products that may be used by FireEye are out of scope, as are social engineering attacks, physical security attacks, and denial-of-service attacks.

Booth also noted that FireEye plans to expand the program to include more products and services “in the coming months”.

This article has been updated to include comment from FireEye


