As a provider of VPN software and services we take security extremely seriously. TorGuard is committed to continuously auditing our infrastructure in a coordinated effort put forth by both internal team members and those in the community.  We believe this proactive and continuous approach to security testing will provide our users with the highest levels of protection.

Every year we’ve strengthened our VPN app and network with consistent updates and new features. Now in addition to our team’s continued efforts and security audits, we are launching a bug bounty program to make use of outstanding community members and security experts.

If you can find a vulnerability with TorGuard VPN’s software, website or network, we will reward you through this generous program. We encourage you to use responsible disclosure practices when reporting and notify us immediately.

TorGuard VPN Bug Bounty Program Rules

Scope of the program:

This Bug Bounty program is limited to the TorGuard VPN servers and web as well as the desktop and mobile applications run by TorGuard VPN (Windows, MacOS, iOS, Android, and web extensions). Our social media accounts do not qualify. The sites that do qualify are as follows:

TorGuard.net

Stealth.tg

updates.torguard.biz

How we decide:

Our team will look at the severity and legitimacy of the findings and decide the verdict on a case by case basis. The bug bounty program participants must agree to respect the final decision made by TorGuard management.

Responsible disclosure of findings:

All vulnerabilities must be disclosed only to TorGuard VPN at our security report address: (admin [at] torguard.net). Until the findings have been fully investigated, fixed, and publicly disclosed, participants can not disclose or discuss any findings. You can use the PGP key below to encrypt the report when submitting any information.

Responsible testing:

In an effort to protect our users and their privacy, please do not attempt to hack any user accounts or attempt to leak sensitive data. Additionally, do not perform any testing that could degrade our services. For more further information, please contact us.

Following the Rules:

By participating in this program, you agree to adhere to the above rules and conditions. All rules must be followed to receive eligible rewards.

What Qualifies as a Bug or Finding?

Any design or implementation on TorGuard’s website, apps, or services that could compromise our security or user data are subject to this program.

Non-qualifying vulnerabilities could include:

  • Out of date browser vulnerabilities
  • Security issues outside of TorGuard’s threat model
  • Phishing or social engineering attacks
  • Bugs requiring unlikely user interaction

Reward Amounts?

The size of reward bounties is determined on a case by case basis $5,000+. To be awarded with a bounty, you must be the first person to notify us of a finding.

—————————————————————————————————————

 

Official TorGuard Security Report Address: (admin [at] torguard.net)

PGP Key:

—–BEGIN PGP PUBLIC KEY BLOCK—–

xsFNBFrs69ABEAC5dciNO52NVw0HHmKwP7YIsOLao+Oymj2GJb4v9TQBaH7e
HjmvbrJK3/+uIY5vFC+oaE1a0+7KsEznBHve6E//UECERTDLuadnAgStK50A
lmdO/4ZRo/aElooevnsuopjltwZ3wYG61oqFLz3hq34uzHJKxwzTc4hZdjBy
jf1VjfJc6WvBy168s6ZAgWtQK/uNtx9usn7XGb+8OWFpiFwuVOmpW7wbpVVa
CDjuerhZofXK1QhXSlIdUjIrsgMx/m438RLwS5qpBXl9QNkl8vDcq24MIzHd
ofTXZ3ZwIhsETSyqmLjkxizo5BvZsIYPNNP4eouQI2vcoISbCrpTGNDEPA4a
UEJ4eI0d9h8DsbEc5TiZq32PV/uYTmXeLx8cLyXvomR9RSQzmCb+/7+WCqZU
eGlTEpm7cWkmKbt6UfW7fUhPpLV5vMIy65Wv/j2DHkj6+FUTcm6OuK2GZow/
CDzcxdzdIcmh3PY2pi0yqVP6DLgf3XVa32XDd5vD6zxsAgAAVjrP7A0+CC1y
nP0vD7OptmX83zMDd+Q4Jdhl9pj7i7E/tOhzjp+L86MEfnYj+xwDgln2XNhq
mbNUiAXTYraHVAlf+i9S4oXTASvJlBehhXyvXry8ALEg7nL1/TnsjyIsahY6
jFK2Uz41XsdLhtdbrA4JhP24sb/SBfKcDhQz3wARAQABzRtURyBWUE4gPGFk
bWluQHRvcmd1YXJkLm5ldD7CwXUEEAEIACkFAlrs69MGCwkHCAMCCRBl0XiF
9mjgPQQVCAoCAxYCAQIZAQIbAwIeAQAA32UP/jJuR05cA2kS0iMrUiaVbHYn
u1XJNXuzkvHmQ8u6ISKecgVRlQA09a2ID9acAGoa/w//ZGHz/n+ObOazC40u
IrSqJaR6tHEgXX4Z2H0YrkkS+cfgrepp80QYOxDjRVM3M48BwqWAaBHewvQ5
lYGgrW2qeoWmBv8zVxjchXa+2FsksHKi0irxGV665quydEW0OPMKTgSM2mYe
k7BxBEHfgFr9olJpdr5hO+KlvS7nPbfdtv9rFCsaWR6Tn3J3tASHWWd/ILpX
Q/pW0H2JdxW5Tr0ibg7w7fB2BPfHhaTPvYs1RoJPqIL8d995qp5aCnQjMjef
F5JiixYzhyML2uNuD4NhruiBZNsh/Z8FLPH+VsFsdguLsccwTTsNUoCDaobD
uRnhk/xb/hi8toe7NR+8kFVEK5mhrosTojGM0lkcpPnYZxitSvIuY3pnx61C
rCWyEADO4ASMUXWIySua0fyJyjxrxj1gWUygG5AAFP3avTtnYuCX+bNCySV3
VyI8coY9oKQOjjBabUwgfn9EM7SFnV6tTaZTyBUkOWxHCSX6JSw+5kG1X415
Y++OFbpvoCaIt9AMKp+9UcZoucXWWTv/bTr8tVg/VZvG83VsXFq5+U4YvplA
hO/NBHe525BhvIHfNFzIGSj+WSzonpmlEvq4EZU3WorYto4eYbOBVqMbrjLn
zsFNBFrs69ABEAChpaw09cc3e7MOBS74R61+BeeojkR+Dd0hoIA48LTOKroz
K8bMtww0DJZZ998XrpuTy0SPZWY7YPRpnbaW72pCyx/BRJ3fuLFAvRcth204
w5PTwY/j1EaNWYBgjKY6DC+A5bBd0I+IsPebIRgQOe/90/mirXuvQ1ltAt05
nOiC/VJNq8zbgNtzmwO+DOXxS7jFhnzy8Q5s0TP7DpRsd0eaHiJg2DsoxGZ7
yvIIMVusQhXm5nZWYPEFixmQevkSnAOFiNy+heDxv0Gzkw+Dw9M5CZ7Ofz5g
yI7CC8DzQycl1aer26msyx1tguXV7ww1H2nvT0nBhFnip8YRZedSyX2ZHiDb
uSr0LwDfORIG61Hw2wxHvhAU2aEfGH8MFlpNO1kKufKsAp48E8SKQgLhcYp6
wIFA7WykR6YBDecHvRlzH1/WZ9bk5kbiDZXhvT6KuOid0SCMR+9AF1KGrfRv
gATLf4NjzeEbMS8UJfnlv9heykbPJ3bvY8La7PI/50fyTxLax7IdEl38AWoa
Kbv4B0Gnqn+jgdmcQPcFF0P9X1lDVcbEfsijs1cHoAkzh+SxrWb5sSOyxkrS
DUFDB+k36/PcVda2VAe2toTUQNzHKnAtM+XWFeLCxG9B5LJhi5Qxpqp2b0el
wlmCUM+63TEs2HcPUan4J7sjcPP/ShCyM+DCCQARAQABwsFfBBgBCAATBQJa
7OvUCRBl0XiF9mjgPQIbDAAAGwgP+wQ4rpnRLiBmfLsVEEeeubgcnuym6zC/
TPZESifRb+HBxMESpVEyrSAxvyLFbbMi4M8Y4MJaXQR4IiwdJ45BYSzLT2kj
aTrSn9IaECIMt7WJ+KxCKvy4+r81OxeR7G40SmyJwT+c8lZjED3CFkPyNQFl
7s7HyStmcU07jYAQQzlNsDlMybbqHDgt4jQe9c82mgI31lPCRLqiqfnhiTyr
x5AlzKiE7g6vgvhGBl7/IkrvOV8N1sAzSlUPWv+1jZv/mkh3xnNPc8+gYJpu
6uXHGUg3Ne0MyjqcZfS4Xxnl1UDF29nwWuaenNaDLMV+x1jcrHsJqlSN5BPz
UUq3LoBHc5aWt5wwLPKdjd61Cg5Rak4OzBKGpXjHyh4AqqFI0O+neCAbdTFZ
dv9hHUgNoTEVuqy2JNLnpvo9hBQt2sleEWgFI/IwoZsnR6YlzznSmhU5wftV
vvLTQyWamkd1wKvFgT2vvHdEAAOT11eXYiETAlSKOONv33Gkv1RSGnCk5BQY
Nk/zVp88Iia25XehiKG31d8HbjMRmG+8iK47fBcwsQhZ5XzJMU35UZvRq3cv
A87VPtYIClNarmFZUuNkIwkvauhF5w3nyrT+s97S2pfTGDXce1WJ46fK2MzT
4x1joOoL7A6zLRWCSJ3ZPWI/Zk3RTBr+tJO04N+WoN+WBsuBN88s
=6yCG
—–END PGP PUBLIC KEY BLOCK—–

Share this post