The OSTIF Bug Bounty Program has Officially Begun

We are proud to announce that the pilot program for OSTIF bug bounties has started. This means that researchers around the world can now find application and security flaws in OpenVPN and VeraCrypt for monetary and career-building rewards.

The maximum award for OpenVPN and VeraCrypt is a $5000 bounty for a critical flaw that leads to information disclosure (locally for VeraCrypt, remotely for OpenVPN).

To qualify for rewards you must follow our rules and guidelines for how to handle sensitive information for responsible disclosure. You can read about these rules here:

You can find the contact information and PGP keys to report bugs to our projects here:

This program is a huge step forward in make sure that quality, free, uncompromising and secure software is available to the world. Join us in our mission to keep the digital world free and secure.

Support OSTIF by donating to our cause, telling others about us, or helping us work with your employer to support a free, safe, and open digital world.