Why OpenVPN Supports OSTIF's Bug Bounty Program

Leading companies like Facebook and Google have paid out millions to developers through their bug bounty programs. Now OpenVPN is supporting OSTIF’s efforts to engage the brilliant minds in the community to maintain high cyber security standards.

“We are very pleased at the announcement that the pilot program for OSTIF bug bounties has begun,” says Gary McCloud, VP of Business Development at OpenVPN Inc.

What is a bug bounty?

A bug bounty is a reward paid out to developers for discovering crucial flaws in software, particularly in open-source technology.

Why is it important?

“Bug bounties are important because they are a cost-effective way to bring the entire world’s security knowledge to bear on an application. The world of software security is almost infinitely complex and no one person or team can cover all possible types of vulnerabilities,” says Derek Zimmer, President & CEO of OSTIF.

Since OpenVPN is open-source technology, anyone can analyze our code and find potential problems. This is a good thing. OSTIF, which is a non-profit organization, is leading the latest effort this year to encourage researchers to comb through their supported projects like ours.

“By offering incentives this ensures that more eyes will be looking at OpenVPN and VeraCrypt. When you increase the chances of vulnerabilities and flaws being discovered, you make systems more secure as a result. This is a win for Open Source and users of OpenVPN,” says McCloud.

“By offering a cash reward for positive results, you are bringing in incentive beyond altruism. This incentive, if large enough, drives amateurs and professionals alike to bring their expertise to your project,” says Zimmer.

Bug bounties are valuable to companies. Facebook has paid out $5 million in 5 years, and Google’s program has paid out $3 million.

If you’d like to schedule an interview with Gary to expand on this topic, please contact nineveh(at)openvpn(dot)net

About OpenVPN Inc.

OpenVPN Technologies Inc has integrated a suite of leading-edge networking and software technologies to deliver virtual network software that provides secure, reliable, and scalable communication services, not only fulfilling the requirements of the traditional virtual private network (VPN) market, but also addressing the future demands of SDN (Software Defined Network), remote access to private cloud/networks, tunneling to UTM (Unified Threat Management) firewall clouds/gateways, and tunneling to DDoS clouds/gateways to protect against malicious attacks. OpenVPN, our award-winning open source VPN protocol, has emerged to establish itself as a de facto standard in the open source networking space with over 50 million downloads since inception. OpenVPN Technologies is the provider of next-generation secure and scalable communication services.
