Calling all Ethical Hackers! OneSpan Launches Bug Bounty Program
Security is of utmost importance to OneSpan as is maintaining a high security bar for our products and cloud services. As such, OneSpan has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company.
The bug bounty program currently consists of two projects. The server-side project covers OneSpan’s IDENTIKEY Authentication Server and IDENTIKEY Risk Manager products. The mobile project covers two mobile authentication apps, namely DIGIPASS for Mobile and the DIGIPASS app, which are available for iOS and Android. Some of these apps are protected using our application shielding technology. We will be adding more products and cloud services in the future.
In order to launch the bug bounty program we are working with intigriti, a crowdsourced security platform connecting security researchers and white hat hackers with companies such as OneSpan. This platform hosts bug bounty programs from various companies, including airlines, telcos, healthcare institutions and retailers.
To be eligible for a reward, researchers will need to respect the scope of the projects, and provide a proof-of-concept. Ethical hackers who responsibly disclose security vulnerabilities are eligible for bug bounties, with the reward depending on the severity level of the finding. Additionally ethical hackers will be listed in OneSpan’s Hall of Fame to recognize their contribution.
Happy bug hunting!