HackerOne Blocks Kaspersky From Using Its Bug Bounty Platform

pcmag.com:

The bug bounty platform HackerOne has booted Russian anti-virus company Kaspersky from using its services. 

On Friday, Kaspersky announced the news, saying it had been “suspended indefinitely” from hosting its bug bounty program on HackerOne.  

“The platform blocked Kaspersky’s access to the program and made Kaspersky’s bug bounty page at HackerOne unavailable to researchers,” the anti-virus provider said. “HackerOne has frozen existing funds and discussions for already reported vulnerabilities.”

In case you don’t know, HackerOne operates a platform that let’s companies offer rewards to security researchers for finding vulnerabilities in their software. In Kaspersky’s case, the anti-virus provider was offering bug bounties ranging from $2,000 to $20,000, depending on the vulnerability’s severity.  

HackerOne, which is based in San Francisco, didn’t immediately respond to a request for comment. So it’s unclear what led to the blocking. But naturally, observers will wonder if the blocking is due to the US’s sanctions on Russia in response to the Kremlin’s invasion of Ukraine. 

HackerOne’s own FAQ on the sanctions notes: “We are currently pausing some hacker reward payments to regions subject to payment sanctions to ensure our compliance with legal requirements… Sanctions are worded to cover broad areas of finance and business, not written with ethical hacking in mind.”

The FAQ adds: “We will continue to work with the appropriate entities on sanctions. To that end, we have suspended programs for customers based in the countries of Russia, Belarus, and the sanctioned areas of Ukraine.”

However, Kaspersky said the sanctions shouldn’t apply to the anti-virus company, citing its international presence. “We must note that