Wickr offers 100.000$ Reward - Bug Bounty Program

In the beginning of the last february weeks there was only one hot topic for bug hunters the new "Wickr" Bug Bounty Programme. Two years ago a little company started to produce a high encrypted messaging app for mobile phones and computers called "Wickr". Wickr uses military grades of encryption and is made to self destruct information at points of communication.

To ensure that the software, communication and service/module implementions are secure, a new bug bounty program has been revealed to the public end of january 2014 Q1. In a statement, official of the Wickr Team said: "We expect finding critical vulnerabilities in Wickr to be difficult and are honored to work with those that do."

Wickrs CTO said: "Vulnerabilities that substantially affect the confidentiality or integrity of user data could qualify for the maximum reward (100.000$). Less severe bugs could garner a researcher $10,000 or more. Researchers are required not to publicize their discoveries for three months without written permission, giving Wickr time to review and fix potential issues. All incoming bug information should send to bugbounty@mywickr.com

After the program became public the vulnerability lab core team started to participate with the `usual suspects`. Everybody is welcome to participate in the public program. The program is not a regular bug hunting program more a encryption or crypto challenge combined with bugs to proof the exploitability. Since today there are several open questions by bughunter to the programme officials because of no obviously public statements to the challenge at the wickr website. The program is verified as trusted by several independent sources and the verification decision of bugs will be done by several independent judges.

Feel free to recomment the article by questions or share information to the public readers.

Reference(s):

https://www.mywickr.com/en/index.php