Malwarebytes launches ‘Bug Bounty’ program after discovering vulnerabilities
A researcher has found vulnerabilities in Malwarebytes’ Anti-Malware program. Malwarebytes then announced that it was setting up a “Bug Bounty” program to motivate researchers to disclose security vulnerabilities in its programs.
The consumer version of Malwarebytes Anti-Malware contained several security vulnerabilities, the company said on its own blog. In November, Google researcher Tavis Ormandy showed the company these vulnerabilities and a number of server-side bugs. According to the company, these are bugs that allowed an attacker to place his own code on an attacked PC. A malicious person could only attack one PC at a time.
Malwarebytes says it fixed the vulnerabilities that were on the server side within a few days. The vulnerabilities in the consumer version of Anti-Malware should be fixed with a new version of the program: 2.2.1. The update for this is expected to be ready for release within three to four weeks.
The company also announced that it would start its own Bug Bounty program. With this, it hopes that more researchers will disclose vulnerabilities in the Malwarebytes software. The prices for the bugs are between 100 and 1000 dollars, converted about 90 and 900 euros. In special cases this can be deviated from.