We invite you to participate in Proton’s mission to secure their user’s private data online!

 

Proton was founded in 2013 by scientists who met at CERN and were drawn together by a shared vision of a more secure and private Internet. To support the global effort to protect civil liberties and build a more secure Internet, Proton has launched a private Bug Bounty Program together with Bug Bounty Switzerland. We invite sophisticated security researchers, cryptographers and hackers with experience searching for and identifying advanced vulnerabilities to join this program.

Why we want you

What you can expect

Key focus areas include

This is a private program – only invited researchers can participate. We are committed to working closely with qualified security researchers to ensure that our products are as secure as possible.

If you are interested in participating in this program, then apply now!

Apply

 

What you can expect

The Systems in Scope

In scope are all systems of Proton (server systems, web applications, apps, local applications), including source code of most of them. Additionally, preview access to non-published source code and/or corresponding builds of the applications can be provided.

 

How we assess the Impact

When assessing the reports, the impact on Proton and its users is relevant. For example, the following will be considered:

What kind of data or system can be accessed?

Single users

Rewards

Based on the impact bounties up to 30k are paid out.

Source Code

For most of Proton’s products the source code is available and can be used for example to identify bad implementations or cryptographic issues which could lead to exploitation.

Legal Safe Harbor

The program provides a legal safe harbor and protects security researchers from prosecution when they act in good faith and comply with the rules of the program.

Responsible Disclosure