ExpressVPN just majorly upped its bug bounty reward

By Scott Marlette Last updated Feb 8, 2022

ExpressVPN has revealed it is now offering ten times more money to anyone able to uncover security bugs.

The company announced, via Bugcrowd’s Bug Bounty program, that it will reward anyone who is able to find and demonstrate a “critical security bug” on ExpressVPN’s in-house technology, TrustedServer, with $100,000.

The company’s previous top reward was $10,000.

Monitoring user traffic

A “critical security bug” would be either something that would allow unauthorized access to a VPN server endpoint, or allow remote code execution (such as malware).

It would also mean any vulnerabilities in the VPN server that result in the leaking of the clients’ real IP addresses, or which would allow third parties to monitor user traffic.

TrustedServer’s goal, as ExpressVPN explains, is to “significantly minimize” problems inherent to traditional server management.

At its core, it’s an operating system, with “multiple layers of protection”, such as a custom Linux distribution built on Debian Linux and developed in-house, a reproducible build and verification system ensuring the authenticity of the source code and the build system, or the ability for ExpressVPN to know exactly what’s running on each and every server.

“Traditionally, VPN infrastructure may be vulnerable to several privacy and security risks,” commented Shaun Smith, Software Engineering Fellow at ExpressVPN and the architect behind TrustedServer.

“This is because most traditional approaches to managing server infrastructure cannot account for various security and privacy risks that are important for VPN service providers to mitigate. We built TrustedServer to address those risks, and make the same solution scalable, consistent, and secure across all our servers.”

Virtual Private Networks were once a staple of network security. However, in recent times, especially with the emergence of remote and hybrid working, and with cybercrime growing as dangerous as never before, organizations have been increasingly turning towards zero-trust network access (ZTNA).

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.