Security is of utmost importance to VASCO as is maintaining a high security bar for our products and cloud services. As such, VASCO has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company.
The bug bounty program currently consists of two projects. The server-side project covers VASCO’s IDENTIKEY Authentication Server and IDENTIKEY Risk Manager products. The mobile project covers two mobile authentication apps, namely DIGIPASS for Mobile and the DIGIPASS app, which are available for iOS and Android. Some of these apps are protected using our application shielding technology. We will be adding more products and cloud services in the future.
In order to launch the bug bounty program we are working with intigriti, a crowdsourced security platform connecting security researchers and white hat hackers with companies such as VASCO. This platform hosts bug bounty programs from various companies, including airlines, telcos, healthcare institutions and retailers.
To be eligible for a reward, researchers will need to respect the scope of the projects, and provide a proof-of-concept. Ethical hackers who responsibly disclose security vulnerabilities are eligible for bug bounties, with the reward depending on the severity level of the finding. Additionally ethical hackers will be listed in VASCO’s Hall of Fame to recognize their contribution.
Happy bug hunting!