ExpressVPN Increases Its Bug Bounty Reward to $100,000

ExpressVPN

International VPN services provider ExpressVPN is paying $100,000 to researchers who can uncover and show a serious security problem in ExpressVPN’s in-house technology, TrustedServer, using Bugcrowd’s Bug Bounty service.

Photo Shaun Smith, Software Engineering Fellow at ExpressVPN and the architect behind TrustedServer
“TrustedServer is already the world’s first and most advanced VPN server technology, and we want to work with the community to elevate it further,” said Shaun Smith, Software Engineering Fellow at ExpressVPN and the architect behind TrustedServer.

ExpressVPN claims it to be the greatest single bounty on the Bugcrowd platform. This bug bounty is ten times higher than ExpressVPN’s previous top prize, demonstrating the company’s dedication to delivering important privacy safeguards to its consumers.

We’re uber excited to see a leader in the online privacy and security world stepping up collaborating with our community of cyber researchers, to ultimately work together to ensure a safe online experience for everyone,” said Nick McKenzie, Chief Information and Security Officer at Bugcrowd. “ExpressVPN’s ongoing partnership with Bugcrowd since 2020 demonstrates its commitment to a strong security posture and a constant drive to improve the security of its products and services. We hope this incentivizes more researchers to join the crowd, and be a part of finding solutions to secure the digitally connected world.”

VPN Server Technology

TrustedServer technology was created by ExpressVPN to drastically reduce the difficulties that traditional server administration may cause. ExpressVPN is going a step further by compensating users who assist them enhance its security, in addition to having an independent assessment by PwC to support TrustedServer’s security-enhancing promises.

Bugcrowd security researchers are invited to test the following sorts of security concerns on ExpressVPN’s VPN servers:

  • Remote code execution or unauthorized access to a VPN server
  • Vulnerabilities in ExpressVPN’s VPN server that allow for the disclosure of customers’ real IP addresses or the monitoring of user activity

“TrustedServer is already the world’s first and most advanced VPN server technology, and we want to work with the community to elevate it further,” said Shaun Smith, Software Engineering Fellow at ExpressVPN and the architect behind TrustedServer. “This means using the ingenuity of Bugcrowd’s security researchers to help us further improve the security of TrustedServer. It was important for us to demonstrate how seriously we take this contribution and are excited to see what the community comes back with.”

“Traditionally, VPN infrastructure may be vulnerable to several privacy and security risks,” added Mr. Smith. “This is because most traditional approaches to managing server infrastructure cannot account for various security and privacy risks that are important for VPN service providers to mitigate. We built TrustedServer to address those risks, and make the same solution scalable, consistent, and secure across all our servers.”

To learn more about this bug bounty program, visit their website here.