Calling all ethical VPN hackers: ExpressVPN launches new-look bug bounty program null
Leading VPN provider ExpressVPN has expanded its bug bounty program in a bid to encourage the widest possible pool of white hat hackers to help root out vulnerabilities in its products and infrastructure.
The firm has operated a bug bounty program since 2016, rewarding tens of thousands of dollars to third party researchers, but has now given the initiative a face-lift with the support of security crowdsourcing platform Bugcrowd.
According to an ExpressVPN blog post, hosting the bug bounty program via Bugcrowd will improve accessibility, draw a wider variety of security talent to the project and thereby ensure customers remain protected.
The new-look program will also allow in-house engineers to focus on addressing any bugs that might be identified, with the assessment and triage of bug reports handled by Bugcrowd.
Express VPN bug bounty program
According to ExpressVPN, the expansion of the bug bounty program was motivated by a fierce commitment to its users’ privacy – the core premise at the heart of the company’s offering.
“Our focus is on finding vulnerabilities that would allow an attacker to access customer data, break encryption protocols, or access our servers, as well as any bugs that can harm our systems and users,” explained ExpressVPN.
“We encourage you to look for these bugs and vulnerabilities in our apps, website, servers, and all other ExpressVPN properties.”
According to the Bugcrowd page, ExpressVPN is offering bounties between $150 – $2,500 per bug, depending on severity. Since the page was launched, 21 vulnerabilities have been rewarded, with an average payout of $726.92, which suggests most were classified as moderately severe.
The company has also pledged “safe harbor” to security researchers, provided their work is performed in good faith, which amounts to a promise not to take legal action against ethical hackers.
While the program brief is broad, the company will not pay out for bugs found in alpha and beta versions, nor for the discovery of social engineering attacks or physical security flaws at ExpressVPN premises.
Leading VPN provider ExpressVPN has expanded its bug bounty program in a bid to encourage the widest possible pool of white hat hackers to help root out vulnerabilities in its products and infrastructure. The firm has operated a bug bounty program since 2016, rewarding tens of thousands of dollars to…
Recent Posts
- Samsung’s best customization app for Galaxy phones is now on Google Play
- Apple’s earnings show that, yeah, it’s really time for some new iPads
- FCC asks for more money to help telecom providers replace Huawei and ZTE gear
- Spotify Supremium leak reveals what the new tier and some features may look like at launch
- When notifications remind us of things we’d rather forget
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011