Vulnerability Disclosure Policy
In case you have found any potential or real vulnerability issue in VPN Super app or website, please report the issue as soon as possible, providing all related details. We accept all types of reports with privacy concerns and security-related issues at [email protected]. For safe communication with us, you are welcome to use our PGP key: ff1b2b39803aa09727ae6cdb04ce7f63d765b90d
When VPN Speed Gets Your Report:
- We ask you to keep the vulnerability data and communication confidential;
- We confirm that the vulnerability exists and detect which app releases are affected. When the findings are confirmed, a CVE ID;
- We release a fixed version after the issue is resolved as soon as possible. If it is not possible to resolve the issue at the earliest opportunity, identified workarounds may be published in case it ameliorates the situation in an agreeable way not putting our users at risk;
- We add, with your consent, a reference to you as part of our next release notes, unless you want to stay anonymous;
- We do our best to keep you updated on the reported vulnerability progress.
- In case we experience any vulnerability issues that may compromise our users’ privacy, we undertake to perform hotfixes and inform users via in-app notifications, letting them know what versions may be affected and giving recommendations.
The Defined Response Time by Issue Severity
The severity of the reported issue determines the response time:
- Urgent issues are of top priority. They get fixed immediately and resolved in the most commercially reasonable terms.
- High priority issues get fixed as a part of planned maintenance works or release updates, usually resolved as a patch.
- Medium, Low priority implies that fixes will be delivered as part of the app version’s upcoming planned release.
Public Researcher Rewards Program
VPNs aim at ensuring Internet users safe and anonymous remote access channel for online activities by encrypting their Internet connection. Thus, users usually use VPNs to keep their sensitive data safe. And this fact attracts hackers and scammers who are constantly looking for a way to steal users’ data.
Although VPN Super uses robust high-standard security measures to let its users access their sensitive resources safely, we believe it is essential to continuously work on detecting possible security vulnerabilities and pitfalls that hackers may use. That is why we encourage researchers of vulnerabilities as well as all our users to find our software pitfalls and report them to us to let us fix them in the fastest and most effective way to prevent hackers from taking advantage of the vulnerabilities that may expose our users’ privacy.
With our Public Researcher Rewards program, we reward top-performing vulnerability researchers that contribute to our service’s security, helping us ensure the safest and the most trusted product for the users of VPN Super. The level of vulnerability severity detects the type of reward for the researches.
Reporting issues of all severity types entitles reporters to get a reward. However, an issue itself determines the reward or bonus, but the quality of a report, together with estimated risk, is taken into consideration.
- Researchers who detect and report «Urgent» priority issues will get a $1000 reward.
- Researchers who detect and report «High» priority issues will get a $250 reward.
- Researchers who found and reported «Medium, Low» priority issues will get a $100 reward.
Our dedicated team of reviewers determines the size of the reward at its own discretion, taking into consideration the importance of the finding reported. If your finding qualifies, you will get a reward as soon as the issue is fixed. Your submission will be accepted within 30 days.