Bug bounty platform HackerOne disabled Kaspersky's bug bounty program on Friday following sanctions imposed on Russia and Belarus after the invasion of Ukraine.
"We will continue to work with the appropriate entities on sanctions," HackerOne explained in a FAQ regarding sanctions published last week.
"To that end, we have suspended programs for customers based in the countries of Russia, Belarus, and the sanctioned areas of Ukraine."
The Russian cybersecurity firm said the sanctions wouldn't justify the program's suspension since none of them were imposed on Kaspersky.
The bug bounty platform also blocked Kaspersky's access to the program and froze existing funds for already reported security vulnerabilities in the Russian antivirus provider's products.
Kaspersky also added that its bug bounty program was disabled indefinitely following "unilateral action from HackerOne."
"Kaspersky finds this unilateral action an unacceptable behavior, especially for the key player in the vulnerability coordination community where the trust between all parties is paramount to making products and services safer," the cybersecurity company said.
"Our conversations with Kaspersky are ongoing, and we will continue to work with their team to address their concerns," a HackerOne spokesperson told BleepingComputer.
Kaspersky now asks researchers who find vulnerabilities in its products to report them using its self-hosted bug bounty program.
HackerOne's decision to kick the Kaspersky bug bounty program off its platform follows another blow the Russian company received since the start of the Russian war in Ukraine.
The German Federal Office for Information Security, BSI, warned companies last week against using Kaspersky antimalware products due to threats made by Russia against the EU, NATO, and Germany.
The BSI suggested Kaspersky could be forced into giving a helping hand to Russian intelligence in launching attacks against its customers or have its products misused for cyberespionage.
This warning came after Kaspersky founder and CEO Eugene Kaspersky said a "compromise" would be welcomed to the Russian hostilities in Ukraine, sparking outrage on Twitter.
Last week, HackerOne apologized to Ukrainian hackers after erroneously freezing their accounts and blocking their bug bounty payouts following sanctions imposed after the start of the Russian war.
Update: Added HackerOne statement.
Comments
lonegull - 2 years ago
Still with the unfounded fearmongering of Kaspersky spying, the CEO being some kind of Russian spy, the company spying on it's customers, giving information to the Government. I would like to see some documented proof of spying or criminal activity before arbitrarily condemning the company, it's founder or their products. Which all seems based on the sole fact that he and the company are Russian. Germany, Belgium, British Intelligence and the European Union investigated and found no evidence of the software spying.
Putin being an evil monster doesn't make all Russians evil. If you read the news you see that most Russians do not support the invasion. I do not support the invasion! The US has become too petty and closed minded to accept any new ways of thinking about or seeing Russia. So sadly 30 years later the US is still stuck in the Cold War and old USSR mentality just like Putin.
Sudionew - 2 years ago
You're missing the point. No one is accusing Kaspersky of doing anything malicious. Western governments are warning against its continued usage because, under Russian law, it would be required to carry out any demand(s) given to it by the Russian state.
And asking for "documented proof" from intelligence agencies? I mean, really?