FlowCrypt Bug Bounty Program

FlowCrypt is proud to announce the commencement of our first public bug bounty program! Security bug reports have been an invaluable source for FlowCrypt in the past, and we’re very happy to recompense researchers who’ve take the time to report security flaws. Chris Baker, for example, received $1,000 USD for reporting a browser extension vulnerability for reporting a vulnerability that briefly exposed the encrypted private keys of a small subset of users. We are excited to build on this positive experience and extend our collaboration with the broader security researcher community.

For complete, up to date information about scope and rewards, check out the bug bounty section of our documentation. There you can learn about what bugs qualify for a bounty, how to report a vulnerability, and what reward you might expect for your report.

Rewards up to $5,000 USD are available for high severity bugs. We look forward to receiving your reports and working together to strengthen our users’ privacy. Any concerns or suggestions related to the program that aren’t covered in the documentation can be sent to security@flowcrypt.com

Happy hacking!

- The FlowCrypt Security Team