Axis Communications, an approved Common Vulnerability and Exposures (CVE) Numbering Authority (CNA), is launching a private bug bounty programme with Bugcrowd, a leader in crowdsourced cyber security. The private bug bounty programme helps strengthen Axis’ commitment to building professional relationships with external security researchers and ethical hackers, and it reinforces the company’s efforts to proactively identify, patch, and disclose vulnerabilities in Axis OS, the Linux-based operating system that drives most Axis products.
Axis acknowledges the importance and hard work performed by security researchers and ethical hackers and believes that long-term sustainable cyber security is created through collaboration and transparency. In working with Bugcrowd and its Security Knowledge Platform, Axis will benefit from the company’s cyber security expertise, engineered software-as-a-service, and global network of ethical hackers. The relationship is an additional element of the transparent vulnerability management strategy at Axis.
The bug bounty programme will follow the criteria below:
Leveraging its Crowdmatch AI-based matching technology, Bugcrowd will select and invite its registered researchers with relevant skills and experience, while Axis will make Axis OS-based products available for testing.
Researchers who discover vulnerabilities will be eligible to receive a “bounty” cash reward with payments that will vary, depending on the severity of the vulnerability. Axis will then transparently disclose vulnerabilities externally and provide patches to affected Axis OS versions accordingly.
Axis welcomes interested security researchers and ethical hackers for participation in the bug bounty program, and encourages participation through the vulnerability reporting process
