ExpressVPN

  • $150 – $2,500 per vulnerability
  • Up to $100,000 maximum reward
  • Safe harbor

US$100k first critical finding bonus for TrustedServer

This month features some exciting news for our TrustedServer platform, with the potential to earn the highest single reward offered by ExpressVPN. We are pleased to announce we are now offering a one time bonus of US$100k for the first critical finding on TrustedServer - that's 10x higher than our previous offering, valid until the first person claims the reward through our program.

TrustedServer - First Critical Finding Bonus

ExpressVPN built TrustedServer technology to significantly minimize problems that traditional server management poses. On top of having an independent audit by PwC to confirm TrustedServer’s security-enhancing claims, ExpressVPN is taking a further step by rewarding the people who help them improve their security. As such, ExpressVPN is inviting Bugcrowd security researchers to test the following types of security issues within its VPN servers:

  • unauthorized access to a VPN server or remote code execution
  • vulnerabilities in ExpressVPN’s VPN server that result in leaking the real IP addresses of clients or the ability to monitor user traffic

We've discussed this huge increase on our blog, as well as our bug bounty page. If these interest you, head over to our bug bounty program on BugCrowd to review the scope!

As always, happy hunting!