CyberGhost operates thousands of VPN servers and makes cross-platform VPN applications for all major desktop and mobile operating systems as well as routers and browser extensions.
CyberGhost takes the security of its applications and services seriously. We've offered an in-house bug bounty program for years and paid out thousands of dollars to security researchers in that time. We value excellent engineering and are always looking for ways to improve the security of our products and services.
Please ensure that your activities remain in-scope to the program. For example, admin panels for data center services we utilize are out of scope because they are not owned, hosted, and operated by CyberGhost. If you are unsure if your testing is considered in-scope please reach out to firstname.lastname@example.org to confirm first. A researcher found to be testing out of scope will be ineligible for a reward and we will reserve the right to immediately remove the individual from the program.
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
We will review coordinated disclosures on a case by case basis. However, please note that we will automatically reject any findings that are marked as duplicates or not applicable. Please do not submit a disclosure request if your submission fits into these categories.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email email@example.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.