Following the promise to bring its security to the next level, NordVPN, one of the leading VPN service providers in the world, has officially launched its bug bounty program. Bug bounty programs invite ethical hackers to catch potential security vulnerabilities, report them to service providers and get monetary rewards.
“At NordVPN, we seek to make our infrastructure — and customers’ data — as secure as possible. And community participation is essential for reaching this goal,” says Ruby Gonzalez, Head of Communications at NordVPN.
According to the company’s Head of Communications, this program aims to encourage researchers to analyze NordVPN’s website, applications, and services. Their efforts will help the provider boost the quality and security of its product. This way, bounty hunters get cash rewards, and users get a service they know is scoured for bugs by thousands of people every day to make it as secure as possible.
NordVPN’s bounties can range from $100 for minor issues to over $5,000 for critical flaws. All the findings must be reported using the HackerOne platform.
“What’s the difference between a minor issue and a critical flaw? Here’s an example: If you discover through a speed test on https://www.speedcheck.org/, that the VPN is slowing down your internet connection, such a bug would be more worth than if you find a typo somewhere on their blog.”
NordVPN accepts findings related to its applications, servers, backend services, website, and more. Bug bounty hunters do not need to worry about possible legal action against them as long as they keep their penetration testing ethical.
The bug bounty program is one of the five measures NordVPN is implementing to enhance its security. The other measures include switching to diskless RAM servers, full infrastructure security audit, a partnership with a top cybersecurity consulting firm, and higher security standards.
For more information: nordvpn.com