The network video product manufacturer Axis Communications, an approved Common Vulnerability and Exposures (CVE) Numbering Authority (CNA), is launching a private bug bounty programme with Bugcrowd, which offers crowdsourced cybersecurity. Axis says it’s committed to building relationships with external security researchers and ethical hackers, and would welcome interested security researchers and ethical hackers to take part.
The company says it’s part of its efforts to identify, patch, and disclose vulnerabilities in AXIS OS, the Linux-based operating system that drives most Axis products. The company says that it acknowledges the importance and hard work of security researchers and ethical hackers and believes that long-term sustainable cybersecurity is created through collaboration and transparency.
Using Crowdmatch AI-based matching technology, Bugcrowd will select and invite its registered researchers with skills and experience, while Axis will make AXIS OS-based products available for testing. Researchers who discover vulnerabilities will be eligible to receive a “bounty” cash reward with payments that will vary, depending on the severity of the vulnerability. Axis will then transparently disclose vulnerabilities externally and provide patches to affected AXIS OS versions accordingly.