Calling all Ethical Hackers! OneSpan Launches Bug Bounty Program

Frederik Mennes, October 11, 2017

Security is of utmost importance to OneSpan as is maintaining a high security bar for our products and cloud services. As such, OneSpan has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company.

The bug bounty program currently consists of two projects. The server-side project covers OneSpan’s IDENTIKEY Authentication Server and IDENTIKEY Risk Manager products. The mobile project covers two mobile authentication apps, namely DIGIPASS for Mobile and the DIGIPASS app, which are available for iOS and Android. Some of these apps are protected using our application shielding technology. We will be adding more products and cloud services in the future.

In order to launch the bug bounty program we are working with intigriti, a crowdsourced security platform connecting security researchers and white hat hackers with companies such as OneSpan. This platform hosts bug bounty programs from various companies, including airlines, telcos, healthcare institutions and retailers.

To be eligible for a reward, researchers will need to respect the scope of the projects, and provide a proof-of-concept. Ethical hackers who responsibly disclose security vulnerabilities are eligible for bug bounties, with the reward depending on the severity level of the finding. Additionally ethical hackers will be listed in OneSpan’s Hall of Fame to recognize their contribution.

To sign up, please visit our server-side project and mobile project on intigriti’s platform.

Happy bug hunting!

Frederik leads OneSpan's Security Competence Center, where he is responsible for the security aspects of OneSpan's products and infrastructure. He has an in-depth knowledge of authentication, identity management, regulatory and security technologies for cloud and mobile applications.