FlowCrypt Public Bug Bounty Program Announcement

FlowCrypt is proud to announce the commencement of our first public bug bounty program! Security bug reports have been an invaluable source for FlowCrypt in the past, and we’re very happy to reward researchers who’ve taken the time to report security flaws. For example, Chris Baker received USD 1 000 for reporting a browser extension vulnerability that briefly exposed the encrypted private keys of a small subset of users. We’re excited to build on this positive experience and extend our collaboration with the broader security researcher community.

For complete, up-to-date information about scope and rewards, check out the bug bounty section of our documentation. There you can learn about what bugs qualify for a bounty, how to report a vulnerability, and what reward you might expect for your report.

Rewards up to EUR 5 000 are available for high-severity bugs. We look forward to receiving your reports and working together to strengthen our users’ privacy. Any concerns or suggestions related to the program that aren’t covered in the documentation can be sent to security@flowcrypt.com.

Happy hacking!

FlowCrypt Security Team