Netgear has launched a bug bounty program with Bugcrowd, offering bounties between $150 and $15,000 to researchers who find security flaws in its hardware, mobile apps, and APIs. The partnership was announced shortly after critical vulnerabilities were discovered in several Netgear routers. Those flaws would have allowed an attacker to take over affected devices through a malicious web page or advertisement, which in turn could have yielded a legion of bots for attacks on popular services.
As criminals take aim at the rapidly growing attack surface created by millions of new Internet of Things (IoT) devices, it has become crucial to protect routers, which hold the keys to the kingdom by connecting the outside world to the IP networks that run these connected devices. NETGEAR vice president of information technology Tejas Shah said, “As the innovative leader in connecting the world to the internet, NETGEAR must earn and maintain the trust of their users by protecting the privacy and security of their data. Being proactive when it comes to security is fundamental to NETGEAR’s approach. By adding a managed bug bounty program through Bugcrowd, we are adding one more layer to our security program.”
Netgear will run two types of responsible disclosure programs: one offering Bugcrowd kudos points, and one offering cash rewards. The Kudos Program offers rewards in points and is strictly limited to issues affecting the latest version of the software. The Cash Reward Program offers rewards in US dollars for the identification of security vulnerabilities in a selected set of Netgear products.
Netgear is prepared to pay out up to $15,000 per vulnerability, with the most valuable flaws being those that allow access to the cloud-stored video files or live video feeds of all customers. Bounty hunters can also earn the maximum reward for security holes that allow remote access to routers from the Internet.
Certain issues are excluded from the bug bounty program, including attacks on Netgear's AWS infrastructure, automated scanning attacks, social engineering (including phishing), DDoS attacks, usability issues, UI and UX bugs, spelling errors, product license violations, previously identified security flaws, flaws resulting from malware, missing MX or SPF records, and other low-impact issues.