As security researchers and front-line defenders, we at FireEye understand the importance of investigating and responding to security issues. We also understand that—despite our best efforts—we cannot eradicate all security vulnerabilities. The technology landscape is constantly expanding, and as such, there will always be emerging threats.
While we’ve been heavily involved with responsible disclosure, including helping other companies setup and modify their own programs, we are taking the next step in this effort.
To ensure we are continually improving our environment and security posture, and to recognize the valuable role the research community plays in bettering security across all industries, FireEye is introducing its public bug bounty program specific to our corporate infrastructure.
To date, the FireEye bug bounty program has been run privately in partnership with Bugcrowd. FireEye is now extending the bug bounty program to any researcher who registers through the Bugcrowd platform.
FireEye cares deeply about the security of its solutions, services, business applications and infrastructure. There are a couple of ways that the broader security community can get involved.
For full bug bounty program details or to enter a report, please visit the FireEye Bugcrowd page.
FireEye plans to expand its bug bounty program to include products and services in the coming months. Researchers who prefer not to receive payment for their work, or who wish to report product or services related findings, should do so via the Bugcrowd-managed FireEye Responsible Disclosure program.