NordVPN has launched a public bug bounty program through HackerOne, with rewards which could exceed $5,000.
The bug bounty program covers NordVPN websites (nordvpn.com and some subdomains), Chrome and Firefox browser extensions, VPN servers, and desktop and mobile applications for all platforms.
Bug bounty hunters have been assured that no legal action will be taken against them as long as their penetration testing efforts are ethical, but they are not allowed to disclose bugs before a patch is released and without explicit permission, and they must give the company at least 90 days to fix a vulnerability.
This is a reference payout range for vulnerabilities depending on their severity levels:
- Critical: $1000-5000+ USD
- High: $500-1000 USD
- Medium: $100-500 USD
- Low: $100 USD
- None: $0 USD
Further information avaliable at – https://hackerone.com/nordvpn