The virtual private network (VPN) service provider NordVPN announced the launch of a public bug bounty program.
White hat hackers will receive payouts between $100 and $5,000 for each reported vulnerability.
Below is a reference payout range for the vulnerabilities.
The bug bounty program will be operated via the HackerOne platform. It covers NordVPN websites (nordvpn.com and some subdomains), Chrome and Firefox browser extensions, VPN servers, and desktop and mobile applications for all platforms.
“To encourage security researchers and our user community, we commit that, if we conclude, in our sole discretion, that your submission respects and meets the requirements of this Policy and Agreements, we will not pursue civil or criminal action, or send notice to law enforcement, and we may even reward you.” reads the safe harbor terms. “Neither will we pursue civil or criminal action, or send notice to law enforcement for accidental, good faith violations of this Policy and Agreements. We reserve the sole right to make the determination of whether a violation of this policy is accidental or in good faith, and proactive contact
Participants are not allowed to disclose bugs before a patch is released and without the explicit permission of the company. White hat hackers are obliged to give the company at least 90 days to fix the reported vulnerabilities.
In October, the VPN firms NordVPN and TorGuard were hacked, and threat actors leaked the private keys used to secure their web servers and VPN configuration files. At the time, NordVPN revealed that the incident involved a
(SecurityAffairs – NordVPN, bug bounty)