Avira’s Bug Bounty – a quick look
If there is one thing that people often criticize in the antivirus industry, it’s that the software is not safe or stable enough. We want to counter this and show everyone how we deal with product safety. A big part of that is our Bug Bounty program.
What is a Bug Bounty program?
In April of this year, we started our first Bug Bounty program. What does that mean? Well, finding bugs in our software could earn you money. Not every issue will lead to a payout, of course – there are some rules and guidelines after all. For the first run we decided to go with two Windows programs: our Avira Antivirus and the Launcher.
Was it a success?
After an initial test phase of four months, development, support, and security agreed that the Bug Bounty program was a huge success and the money well invested. To date, 313 people have registered for it and we have paid out around $17,000 in total for their findings. In case you are thinking that that does not sound like a lot, keep in mind that it’s not easy to find vulnerabilities in a program as complex as an antivirus program. Website bug bounties, for example, have a much higher number of participants. Of the 80 reports we received, we paid out on 21.
The type and quality of the reports differ a lot. At the beginning, the Bug Bounty program could only be accessed by invited developers and testers. In June, we finally decided to open it up to everyone. This led to more reports in total, but the number of valid ones stayed the same. If you want to participate in our Bug Bounty program, feel free to register over here.
What’s up next?
The good news is that we decided to extend the Bug Bounty program for our Windows antivirus and our management console until May 2017. We also want to add other programs, so that they can be tested thoroughly, too.
In the next couple of weeks, we will talk about further topics concerning “secure software” – so stay tuned!