The new program is inviting ethical hackers and security researchers to look for potential security vulnerabilities in the VPN provider’s software and report them for monetary rewards.
Head of communications at NordVPN, Ruby Gonzalez explained how the company’s new bug bounty program will help secure its infrastructure, saying:
Microsoft paid out millions in bug bounties last year
NordVPN Teams is a VPN solution for businesses
Google offers million-dollar bug bounty reward
“At NordVPN, we seek to make our infrastructure — and customers’ data — as secure as possible. And community participation is essential for reaching this goal.”
Bug bounty program
NordVPN’s new bug bounty program will encourage security researchers to analyze its website, applications and services. Through their efforts, the company hopes to increase both the quality and security of its VPN service.
It is a win-win situation for researchers and NordVPN’s users as researchers will receive cash rewards for finding bugs while users can rest assured knowing that their VPN service is scoured for bugs by thousands of people every day to make it as secure as possible.
For minor issues, NordVPN will pay bounties from $100 while reporting critical flaws can earn researchers as much as $5,000. All of the findings must be reported using the HackerOne platform and the company will accept findings related to its applications, servers, backend services, website and more.
NordVPN’s bug pounty program is one of five measures the firm is implementing to enhance its security alongside switching to diskless RAM servers, undergoing a full infrastructure security audit, partnering with the cybersecurity company VerSprite and higher security standards.