NordVPN launches bug bounty program to boost security

Why is a bug bounty a big deal?

We’ve just increased the size of our penetration testing team to potentially the entire cybersecurity community.

We love our in-house penetration testers. They’re talented white-hat hackers who work hard to keep NordVPN one of the most secure VPNs in the world. However, there are only so many of them, and NordVPN’s global infrastructure grows larger and more complex every month.

Now, enterprising cybersecurity pros around the world can search our system for any flaw large or small and get paid for it. Bug hunters may earn rewards for anything from minor bugs to critical flaws – as long as they impact our service. This also means that grey- or black-hat hackers who find flaws may decide to notify us for an easy payday rather than trying to exploit those flaws.

All of this will have a profound effect on ensuring the quality and security of our service.

How does the NordVPN bug bounty program work?

1. You find something you think might be a bug, flaw or vulnerability in our service;
2. You report it to us through our official page on HackerOne, a globally trusted bounty program site;
3. Our dev and admin teams evaluate your report to determine the impact, if any, that the issue has on our service;
4. You get paid depending on the severity of the issue you’ve uncovered.

Bounties can range from $100 for minor issues to over $5,000 for critical flaws.

Is that it?

If you’d like to hunt bugs in NordVPN’s service, please read our full policy on HackerOne before you begin. Certain exceptions do apply. Otherwise, happy hunting!

Bugs and vulnerabilities wanted – dead or alive – at NordVPN.