Cybersecurity company Genians said on the 9th that it will expand its "bug bounty program" across all products and services to eliminate blind spots in security and take preemptive action against cyber threats.
A bug bounty is a system that pays rewards to participants who find and report security vulnerabilities in software or web services, operated to block the exploitation of vulnerabilities in advance and raise security levels. As the system spreads among global IT corporations, its necessity is being spotlighted again in Korea following major hacking incidents.
Genians was the first in the domestic security industry to introduce and operate its own bug bounty system. From March 2022 to the end of last year, a total of 827 vulnerability reports were received, enabling preemptive responses to latent security threats.
Until now, Genians' bug bounty applied only to the network access control solution (NAC) and the cloud customer service management (CSM), but with this expansion, the scope widens to all products and services managed by Genians. Third-party hosting services and external solutions are excluded, and the policy applies equally not only in Korea but also in global environments.
Genians plans to systematically manage the entire process from vulnerability intake to remediation and rewards by linking the vulnerability disclosure program (VDP) and coordinated vulnerability disclosure (CVD) with the bug bounty. Through this, the company aims to advance its vulnerability management process and strengthen a security operations framework that meets global standards.
Chief Executive Lee Dong-beom of Genians said, "This expansion of the bug bounty clarifies the scope of security responsibility and is a measure to more broadly accommodate real threats," adding, "We will continue to raise security levels across products and services through collaboration with domestic and overseas security communities."