US Authorities added Kaspersky Lab to the list of National Security Threats

Bug bounty platform HackerOne disabled Kaspersky's bug bounty program.

Kaspersky blocked in US

The US Federal Communications Commission (FCC) included Kaspersky Lab JSC, China Telecom Corp., and China Mobile International in a list of communications Equipment and Services Covered By Section 2 of The Secure Networks Act that may pose a threat to the national security of the United States. In addition to the three companies mentioned, a year ago (March 12, 2021), 5 more Chinese companies were added to this list - Huawei, ZTE, Hytera, Hikvision, and Dahua.

According to the document, the US Department of Homeland Security concluded that "Kaspersky Lab-branded products pose an unacceptable risk to the national security of the United States and its people." Two legal entities from the PRC were also added to the updated list of the Federal Communications Commission.

According to the agency, under FCC law of 2019, the commission is required to annually update the list of communications equipment and services that pose an unacceptable risk to US national security.

On the other side today, a bug bounty platform HackerOne disabled Kaspersky's bug bounty program. HackerOne releases FAQ regarding sanctions and wrote - 

"HackerOne is actively monitoring the evolving events surrounding the Russian invasion of Ukraine to ensure the best possible outcomes for the hacker community, our employees, and the customers we serve."

The bug bounty platform also blocked Kaspersky's access to the program and froze existing funds for already reported security vulnerabilities in Kaspersky's products.

Regarding the suspension of the program, Kaspersky says- 

"Kaspersky finds this unilateral action an unacceptable behavior, especially for the key player in the vulnerability coordination community where the trust between all parties is paramount to making products and services safer," 
Kaspersky Bug Bounty

Kaspersky announces changes to the bug bounty program and vulnerability disclosure process. The company welcomed all researchers to their self-hosted bug bounty program.

Read Also
Post a Comment