Consumer privacy and security company ExpressVPN is offering US$100,000 via Bugcrowd’s Bug Bounty solution to researchers who can find and demonstrate a critical security bug on ExpressVPN’s in-house technology, TrustedServer.
It’s the highest single bounty offered on the Bugcrowd platform and 10 times higher than the top reward previously offered by ExpressVPN.
ExpressVPN built TrustedServer technology to significantly minimize problems that traditional server management pose, says Shaun Smith, software engineering fellow at ExpressVPN and the architect behind TrustedServer. On top of having an independent audit by PwC to confirm TrustedServer’s security-enhancing claims, ExpressVPN is taking a further step by rewarding the people who help them improve their security, he adds.
ExpressVPN is inviting Bugcrowd security researchers to test the following types of security issues within its VPN servers: unauthorized access to a VPN server or remote code execution; and vulnerabilities in ExpressVPN’s VPN server that result in leaking the real IP addresses of clients or the ability to monitor user traffic. To participate in the bug bounty go to https://www.expressvpn.com/bug-bounty.