Skip to main content

Axis Communications strengthens product security with expanded bug bounty program

3 minutes read
Strengthened product security with expanded bug bounty program

Doubling down on its commitment to long-term cybersecurity through collaboration and transparency, Axis Communications announces two initiatives in cooperation with Bugcrowd: a new private bug bounty program for AXIS Camera Station Pro, and an expansion of the private bug bounty program for AXIS OSThe AXIS OS program is now open to all security researchers and ethical hackers with a Bugcrowd account.

"The partnership with Bugcrowd enables us to strengthen our secure development processes and ensures that our customers benefit from increased product security throughout the lifecycle,” says Johan Paulsson, Chief Technology Officer at Axis. “This is our long-term commitment and one of the building blocks of our multi-layered approach to cybersecurity. Axis is a safe harbor for ethical hackers and researchers. We appreciate their expertise and hard work and look forward to greater engagement with the community.”

A new bug bounty program for AXIS Camera Station Pro

Axis recently launched a private bug bounty program for selected ethical hackers and researchers. The program is focused on the company’s video management software (VMS), AXIS Camera Station Pro. It is a valuable new way to harden and maintain cybersecurity for the VMS, which is optimized for Axis products. The bug bounty program for AXIS Camera Station Pro is modeled after the successful AXIS OS program, which has been opened to more collaborators.

AXIS OS bug bounty program goes public

The AXIS OS bug bounty program is now open to all security researchers and ethical hackers with a Bugcrowd account. Launched as a private program in December 2022, the number of participants has since increased significantly to more than 8000 researchers. Making the AXIS OS bug bounty program public considerably broadens the base of researchers and ethical hackers who can identify and report vulnerabilities. It is also an acknowledgement of the program’s success: Fourteen vulnerabilities disclosed by Axis since the program began were discovered through bug bounties. In other words, program participants discovered most of them. Opening the program up also sends a message that Axis is confident in the resilience of its operating system and serious about vulnerabilities. 

How Axis bug bounty programs work

Axis bug bounty programs take advantage of the expertise of a global community of trusted researchers and ethical hackers to strengthen the security of Axis products and solutions. When an individual identifies a vulnerability, Axis provides a cash reward (a bounty). The amount of the reward depends on the severity of the vulnerability based on the Common Vulnerability Scoring System (CVSS). Axis regularly reviews the amount of its cash rewards to keep its programs attractive and competitive. The rewards for the AXIS OS bug bounty program currently include up to $25,000 and an AXIS M1075-L Box Camera free of charge.

For information on all the CVE-ID disclosures for AXIS OS, visit AXIS OS Security Advisories.
Madeleine Eibrand
 - 
Press contact
Communications Manager, Brand & Thought Leadership, Axis Communications
Phone: +46 46 272 18 00
|
Madeleine Eibrand
To top