“We’ve known the key facts relating to Daniel’s employment history since before we hired him,” the company said in a statement.

“If you’re an ExpressVPN customer, you shouldn’t be,” says Snowden on his Twitter profile.

According to DOJ court documents, Gericke had been part of a team, known as Project Raven, that helped the UAE government perform surveillance on high-influence American targets, like heads of state, personalities, and activists.

ExpressVPN has responded, seemingly in full support of Gericke.

API keys and login information such as usernames and passwords may be submitted to the program and will initially be rated as a P5. We recommend you submit this information, and we'll review your submission and determine if it qualifies for an upgraded severity and reward.

We will review coordinated disclosures on a case by case basis. However, please note that we will automatically reject any findings that are marked as duplicates or not applicable. Please do not submit a disclosure request if your submission fits into these categories.

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

We strive to ensure that our challenges are on a level playing field. Thus, the following individuals are not eligible to claim the bonus for the first critical finding:

- Full-time or part-time employees of ExpressVPN or any other subsidiary of Kape Technologies, as well as their friends and family; and
- Contractors, consultants, representatives, suppliers, vendors, or any other persons related to or otherwise affiliated with ExpressVPN.
We use TrustedServer as a platform for all the protocols that we offer our users, so all our VPN servers are considered in scope. Please ensure that your activities remain in-scope to the program. For example, admin panels for data center services we utilize are out of scope because they are not owned, hosted, and operated by ExpressVPN. If you are unsure if your testing is considered in-scope please reach out to to confirm first. A researcher found to be testing out of scope will be ineligible for a reward and we will reserve the right to immediately remove the individual from the program.

To make this challenge more enticing, we are introducing the following bonus: the first person to submit a valid vulnerability will receive an additional $100,000 USD bonus bounty. This bonus will be valid until the prize has been claimed.

In order to qualify to claim this bounty, we will require proof of impact to our user’s privacy. This will require demonstration of unauthorized access, remote code execution, IP address leakage or the ability to monitor unencrypted (non-VPN encrypted) user traffic.