Responsible Disclosure Program

At WeVPN we take the security and privacy of our users data very seriously. However sometimes vulnerabilities can still exist and we’re looking for your help.

hero-image

Do The Right Thing

If you have discovered or believe you have discovered potential security vulnerabilities in a WeVPN application or service we encourage you to disclose your discovery to us as quickly as possible in accordance with this Responsible Disclosure Program.

We will work with you to validate and respond to security vulnerabilities that you report to us. Because public disclosure of a security vulnerability could put the entire WeVPN community at risk we require that you keep such potential vulnerabilities confidential until we are able to address them.

We will not take legal action against you or suspend or terminate your access to any WeVPN services provided that you discover and report security vulnerabilities in accordance with this Responsible Disclosure Program.

Discovering Security Vulnerabilities

We encourage responsible security research on WeVPN services and products. We will be rewarding researchers with monetary prizes anonymously in Bitcoin for findings.

We allow you to conduct vulnerability research and testing on the WeVPN services to which you have authorized access. In no event shall your research and testing involve:

  • 1Accessing or attempting to access accounts or data that does not belong to you or your Authorized Users
  • 2Executing or attempting to execute a denial of service attack
  • 3Sending or attempting to send unsolicited or unauthorized email spam or other forms of unsolicited messages
  • 4Posting transmitting uploading linking to sending or storing malware viruses or similar harmful software or otherwise attempting to interrupt or degrade WeVPN services
  • 5Any activity that violates any applicable law
  • 6Any attempt to modify or destroy any data

Discovered a security vulnerability?

Please share the details with WeVPN by sending us an email with details to [email protected] (PGP Key)