Bug bounties have a proud tradition dating back to the very early days of the internet. In 1983, Hunter & Ready, makers of the now antiquated Versatile Real-Time Executive (VRTX) operating system, started the ball rolling with the first known bug bounty.

Ethical hackers were encouraged to trawl the operating system looking for critical errors and vulnerabilities (aka bugs). In return for their hard work, Hunter & Ready gave a Volkswagen Beetle to any hacker who found and reported a bug.

Today, bug bounties are run by a number of leading companies and they offer financial rewards in return for any discoveries.

The benefits of bug bounties are obvious: Ethical or white-hat hackers get a chance to flex and monetize their skills while companies get to discover any potential vulnerabilities they were not previously aware of. When the issues are found, companies can patch the security flaws, improve the quality of their product and, ultimately, keep their customers happier and more secure.

Unfortunately, not all major tech and software companies see the benefits. In what has come to be called T-shirt gate, Yahoo! sent bug hunters a measly US$12.50 credit voucher which could be redeemed for items such as company-branded T-shirts. While the Director of Security did try to explain himself in a blog post, ethical hackers were outraged and let Yahoo! know. Thankfully, the company has now adjusted its bug bounty rewards for the better.

Why Bug Bounties are Key in the VPN Industry

Bug bounties are helpful to any company working in the tech or digital space, but they are particularly useful to the VPN industry. After all, a VPN company’s main priorities are user privacy and cybersecurity.

By participating in bug bounty programs, VPN providers display a commitment to ongoing security and, by extension, to their users through the best product possible. Bug bounties help companies stay ahead of the cybersecurity curve and offer white-hat hackers the chance to put their skills to good use. It’s a win-win situation that benefits both the hacker and the VPN company.

ExpressVPN’s Bug Bounty Program

Security and privacy software leader, ExpressVPN, has run its own VPN bug bounty program since 2016. The company runs a sprawling network of VPN servers located in more than 90 countries around the world.

ExpressVPN’s doors are open to bug hunters and it invites ethical hackers to examine its products: cross-platform VPN applications for all major operating systems alongside VPN routers and browser extensions. On its website, Express notes that it values “excellent engineering and is always looking for ways to improve the security of our products and services.”

Bug hunters are also encouraged to examine the company’s internal systems (employee email, internal chat messages, source code hosting) or look out for any vulnerabilities that compromise employee privacy.

Standard bug hunting rules apply: do not compromise the privacy of users, keep any discoveries confidential until the vulnerability is fixed, and do not destroy any data, interrupt the user experience while hunting, or disturb any systems.

Challenge yourself and get the reward you deserve!

Article submitted by David Cadelina @TechWarn.com
