Bug Bounty Program
Virtru runs a semi-public bug bounty program through the Bugcrowd platform. Our bug bounty program is core to our external security testing strategy as it ensures that our products and platforms are being continuously tested for security vulnerabilities. The scope of our program covers our client-side software (browser extensions, mobile applications, SDKs, etc.) and SaaS network.
While we still rely on traditional penetration testing at regular intervals, we believe the bug bounty program has several advantages:
- Continuous coverage. The bug bounty program is always on. Traditional penetration tests are time-boxed and cannot keep up with an agile, frequently changing environment.
- Familiarity of testers. We've found that strong researchers who are interested in our product and technology stick around. They have become more familiar with our product than is possible in traditional penetration tests.
- Size of the crowd. Traditional penetration tests have a small number of testers allocated to our project. Bugcrowd has an enormous crowd of researchers, with more than 1,200 invited to our program.
Our program is currently semi-public, which has allowed us to invite a pool of researchers with specialties that align with our technology and to maintain a low number of false positives; however, the program will likely become entirely public in the future.
Are you a security researcher who is interested in participating in our program? Reach out with your information (specifically your Bugcrowd user ID and email address) and we can work with Bugcrowd to verify that your profile meets the criteria. If you believe you have already found a security vulnerability in our systems, please submit it using our vulnerability disclosure form.