Today we moved another step towards building a strong relationship with the security researcher community by announcing our bug bounty program. The bug bounty program also serves to provide transparency with industry so that everyone knows precisely how many vulnerabilities have been discovered and by who. To us, the who is just as important as the vulnerability itself, because we wish to reward those who are assisting us with our mission of continuing to provide the most secure and private smartphone in industry. We know this program can only be successful if we continue to build a strong relationship with the security researcher community.
For the moment, our minimum reward will be $128 and we have no maximum at this time. We will reward monies, prizes, and gifts based upon the significance the vulnerability has on the Blackphone mission. An annual award is also in the works. What exactly is included in this program? Full rules and details are located at www.bugcrowd.com/blackphone To be even more clear – everything is on the table. Nation states and bad actors don’t care about rules. We do ask that you not disrupt service to our customers, because that would be bad form. At some point in the future we will have test systems in place where DDOS and other service interruption techniques can be tested.
I truly hope each and every one of you will participate in our bug bounty program and join our cause for providing the most secure and private smartphone platform.