ExpressVPN

TrustedServer — First Critical Finding Bonus

We have designed our ExpressVPN VPN servers to be secure and resilient. We even have an audited design called TrustedServer that dramatically improves the security posture of our servers. We’re confident in our work in this area and aim to ensure that our VPN servers meet our security expectations. As such, we’re inviting our researchers to focus testing on the following types of security issues within our VPN servers:

• unauthorized access to a VPN server,
• vulnerabilities in our VPN server that weaken our customer’s privacy.

To make this challenge more enticing, we are introducing the following bonus: the first person to submit a valid P1-P2 vulnerability, granting unauthorized access or exposing customer data, will receive an additional $10,000 USD bonus bounty. This limited-time bonus will be valid until the prize has been claimed.