NordVPN launches bug bounty program

NordVPN has launched a public bug bounty program through HackerOne, with rewards which could exceed $5,000.

The bug bounty program covers NordVPN websites ( and some subdomains), Chrome and Firefox browser extensions, VPN servers, and desktop and mobile applications for all platforms.

Bug bounty hunters have been assured that no legal action will be taken against them as long as their penetration testing efforts are ethical, but they are not allowed to disclose bugs before a patch is released and without explicit permission, and they must give the company at least 90 days to fix a vulnerability.

This is a reference payout range for vulnerabilities depending on their severity levels:

  • Critical: $1000-5000+ USD
  • High: $500-1000 USD
  • Medium: $100-500 USD
  • Low: $100 USD
  • None: $0 USD

Further information avaliable at –

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: