Silent Circle’s Bug Bounty Program

This is my first official blog post as CSO for Silent Circle, and the topic is one that is very exciting – today we officially launch our bug bounty program! We have been providing secure and private communications across Apple iOS smart devices, Google Android smart devices, and of course Blackphone. In the past, we have only provided our source code for public review, but we did not have a method by which the security researcher community could publicly submit and track security bugs. Today that changes.

The need for secure and private communications continues to grow every day. Whether it is because we learn more about improper surveillance or phony cell towers, the people of the world have degraded capabilities to have a private and secure conversation, and that is a travesty. We have been very clear to industry that we do not keep customer records; therefore we know we are a target, because our customer list is precious. So, in order to expand our capabilities of catching and fixing security bugs, we decided now was the right time to launch our program and reward those who are willing to spend their time ensuring we continue to offer secure software.

For the moment, our minimum reward will be $128 and we have no maximum at this time. We will reward monies, prizes, and gifts based upon the significance the vulnerability has on the Silent Circle mission. An annual award is also in the works. What exactly is included in this program? Full rules and details are located at www.bugcrowd.com/silentcircle. To be even more clear – everything is on the table. Nation states and bad actors don’t care about rules. We do ask that you not disrupt service to our customers, because that would be bad form. At some point in the future we will have test systems in place where DDoS and other service interruption techniques can be tested.

I truly hope each and every one of you will participate in our bug bounty program and join our cause for providing the most secure and private multi-platform communication software.
