F-Secure launched a bug bounty this past week, which could dole out max rewards amounting to approximately $16,527.
The company noted on a page detailing the program that not all its products and services are eligible for reward. Among eligible products are 12 corporate products, including F-Secure Client Security and F-Secure E-mail and Server Security Premium, as well as four consumer products.
Researchers can report bugs via email, and the company recommends encrypting communications through its GnuPG key. Included in a report should be the finding; how it was found and how to reproduce it; and any further relevant technical information.
If the bug has already been reported, only the first detailed report will be rewarded. “We know that this would give us a loophole to claim that everything's been already previously found, but trust us, we want to be fair,” F-Secure wrote.