ExpressVPN just majorly upped its bug bounty reward
The reward for finding a critical flaw in TrustedServer has increased tenfold
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
ExpressVPNhas revealed it is now offering ten times more money to anyone able to uncover security bugs.
TheVPNcompany announced, via Bugcrowd’s Bug Bounty program, that it will reward anyone who is able to find and demonstrate a “critical security bug” on ExpressVPN’s in-house technology, TrustedServer, with $100,000.
The company’s previous top reward was $10,000.
Monitoring user traffic
A “critical security bug” would be either something that would allow unauthorized access to a VPN serverendpoint, or allow remote code execution (such asmalware).
It would also mean any vulnerabilities in the VPN server that result in the leaking of the clients’ real IP addresses, or which would allow third parties to monitor user traffic.
TrustedServer’s goal, as ExpressVPN explains, is to “significantly minimize” problems inherent to traditional server management.
At its core, it’s anoperating system, with “multiple layers of protection”, such as a custom Linux distribution built on Debian Linux and developed in-house, a reproducible build and verification system ensuring the authenticity of the source code and the build system, or the ability for ExpressVPN to know exactly what’s running on each and every server.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
NordVPN maker has expanded its bug bounty program>Calling all ethical VPN hackers: ExpressVPN launches new-look bug bounty program>Apple pays major bug bounty to fix Safari flaw that hacked your webcam
“Traditionally, VPN infrastructure may be vulnerable to several privacy and security risks,” commented Shaun Smith, Software Engineering Fellow at ExpressVPN and the architect behind TrustedServer.
“This is because most traditional approaches to managing server infrastructure cannot account for various security and privacy risks that are important for VPN service providers to mitigate. We built TrustedServer to address those risks, and make the same solution scalable, consistent, and secure across all our servers.”
Virtual Private Networks were once a staple of network security. However, in recent times, especially with the emergence of remote and hybrid working, and with cybercrime growing as dangerous as never before, organizations have been increasingly turning towards zero-trust network access (ZTNA).
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Is it still worth using Proton VPN Free?
Mozambique VPN usage soars as internet restrictions continue
Your doctor may have an AI assistant taking notes during your next Zoom call
