According to Bleeping Computer, ExpressVPN has updated its Bug Bounty vulnerability detection program on Bugcrowd. The service offered the highest single bounty offered on the Bugcrowd platform, $100,000 for compromising or breaking TrustedServer's own security system.

ExpressVPN’s Bug Bounty has been asking security researchers for six years now to investigate and find bugs in VPN user apps across platforms, browser extensions, and various websites and service platforms, including those hosted on the Tor network. Program participants can receive from $150 to $2.5 thousand for discovered vulnerabilities in ExpressVPN services and IT infrastructure.

For the first time, ExpressVPN invited third-party security experts to hack and find critical vulnerabilities in their own TrustedServer technology. The $100,000 reward will go to the first researcher who can remotely access ExpressVPN's servers or get customer data - their actual IP addresses - and be able to track user traffic.

According to ExpressVPN, TrustedServer is a custom-built Debian Linux-based system with security tweaks and enhancements that make it ideal for use in a VPN-enabled network infrastructure.

Bleeping Computer explained that ExpressVPN uses TrustedServer-based, RAM-only builds on its servers from ExpressVPN's fault-tolerant server solutions that are geographically distributed around the world. The service periodically cleans the accumulated user data, which is activated when the servers are rebooted. The TrustedServer system provides assembly verification, which prevents cases of tampering with the code. Service engineers also reinstall this system weekly with new updates on each ExpressVPN server.

Bleeping Computer suggested that it would likely be difficult to find bugs or vulnerabilities in such a system in order to receive such a large payout, hence ExpressVPN's confidence and current promotion.

bbabo.Net