Vladimir
Pearl

Where is the Check Point bug bounty program?

As much as I enjoy digging into the inner workings of various products, as a consultant, my goal is to accurately quote my services and deliver the solutions in a timely fashion.

It is, therefore, left to me to work out the differences in features, lack thereof or bugs on my own time.

It would be nice to have at least a nominal compensation when the time and efforts spent working with the product result in a discovery of bugs.

I do believe that most of the software vendors have it in place. Is there such a program at Check Point? If yes, how should we claim a bug bounty?

4 Replies

Re: Where is the Check Point bug bounty program?

According to Wikipedia, the bug bounty program was invented by Netscape's technical support engineer Jarrett Ridlinghafer when he discovered that many of Netscape's enthusiasts were actually software engineers who were fixing the product's bugs on their own and publishing the fixes or workarounds. :)

So are you just giving away your fixes and workarounds for free at the moment, or are you mainly working on finding exploits and vulnerabilities in Check Point products that are much more valuable?

0 Kudos
Vladimir
Pearl

Re: Where is the Check Point bug bounty program?

Gunther,

The bugs I am referring to are not necessarily security exploits, but are mostly pinned-down functionality-related issues.

Occasionally, I end up spending an ungodly amount of time fighting issues that are undocumented bugs.

When contacting TAC with my findings, sometimes long and arduous verification and replication of the issues takes place.

When the findings are confirmed to be a bug with no existing SK, and you are told that it will be remedied in the next version or if it results in CP pulling their AMI from AWS, for instance, I suppose it qualifies for the bounty.

I do not seek those on purpose, but am stumbling on them frequently enough in the course of my normal work.

When it is costing me in terms of non-billable time, it bugs me (pun intended).

Re: Where is the Check Point bug bounty program?

They are not bugs, just missing features, mate (sorry for that) :)

0 Kudos
Vladimir
Pearl

Re: Where is the Check Point bug bounty program?

From Wikipedia: "A software bug is an error, flaw, failure or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways."

Quoting Ilene Burnstein from the book Practical Software Testing (recommended) who parts from the definition in the "IEEE Standards Collection for Software Engineering" (1994) and "IEEE Standard Glossary of Software Engineering Terminology" (standard 610.12, 1990):
A fault (defect) is introduced into the software as the result of an error. It is an anomaly in the software that may cause it to behave incorrectly, and not according to its specification.

Faults or defects are sometimes called “bugs.” Use of the latter term trivializes the impact faults have on software quality. Use of the term “defect” is also associated with software artifacts such as requirements and design documents. Defects occurring in these artifacts are also caused by errors and are usually detected in the review process.

So sorry, those are most assuredly bugs :)