Security researcher Guido Vranken has received our first bug bounty payout, totaling $5000 USD, for his work fuzzing OpenVPN 2.4.2, finding a variety of memory-safety and error-handling flaws, responsibly disclosing them, and working with OSTIF and the OpenVPN security team to integrate his custom code into the OpenVPN project to keep this class of bugs from resurfacing in OpenVPN.
This bounty was for responsibly disclosing multiple flaws that led to CVEs as well as some other minor bug fixes:
The combined total bounty for his bug reporting was $3500 USD. He was awarded a $1500 bonus for his work integrating his tools into the OpenVPN developer program to prevent future occurrences of this type of flaw.
Thank you, Guido, for your fantastic work, from all of us at OSTIF.