|ExpressVPN Offers $100K Bug Bounty|
|Written by Sue Gee|
|Thursday, 10 February 2022|
ExpressVPN claims that its TrustedServer technology raises the bar for online privacy and security and to put this to the test it is offering a one-time $100,000 bug bounty bonus to the first person to hack it - ethically of course.
ExpressVPN's servers are designed to be secure and resilient through a system called TrustedServer, which, as explained in the video has two features intended to deliver a more secure internet experience. The first is that they run only on volatile memory - this ensures that no data can persist on the hard drive, even by accident since the servers run strictly on RAM only. Secondly, all software, even the operating system, is freshly run from the latest readonly image each and every time the server is restarted. This provides consistency and means that every one of its thousands of servers around the world has the same, most up-to-date software when powered on.
In the current climate of privacy concerns and confident of the benefits conferred by TrustedServer, ExpressVPN is inviting security researchers in its Bug Bounty program operated through Bugcrowd to focus testing on the following types of security issues within our VPN servers:
To encourage more hackers to participate there's a bounty of $100,000 USD on offer in addition to the normal reward as long as there is proof of impact to user’s privacy. This will require demonstration of unauthorized access, remote code execution, IP address leakage, or the ability to monitor unencrypted (non-VPN encrypted) user traffic. This bonus will be valid until the prize has been claimed.
Offering a large bug bounty bonus raises awareness of ExpressVPN's ongoing Bug Bounty program which covers:
While ExpressVPN properties can be considered included, certain testing methodologies are excluded. Specifically, tests that degrade the quality of service, e.g., DoS or spam, will not be considered for inclusion.
Cybersecuity has become ever more important and with all major players operating bug bounty schemes there is plenty of cash on offer to those who are skilled security researchers. If ExpressVPNs TrustedServer is as resilient as the company hopes it is the $100,000 may be on the table for a while but as the company has paid out bounties in the past there may be some pickings to be had even if this prize is never awarded.
or email your comment to: email@example.com
|Last Updated ( Friday, 11 February 2022 )|