Proton’s partnership with Bug Bounty Switzerland continues

Share this page

Updated October 10, 2022

The Proton community trusts us to keep their information secure and private, and we take this trust seriously. That is why we are excited to announce that we will continue working with Bug Bounty Switzerland(new window) as part of our bug bounty program. Bug Bounty Switzerland has managed successful bug bounty programs for some of the largest Swiss companies, and our collaboration yielded impressive results.

In the past 10 months, over 30 vulnerability reports were submitted, 19 of which led to bounty awards amounting to more than €23,000. We would like to thank all the security researchers and ethical hackers who have contributed to our bug bounty program. Your work is helping keep the entire Proton community safe and advancing privacy around the world.

Since our partnership with Bug Bounty Switzerland began, Proton launched a new website, a new logo, and a unified encrypted ecosystem. With the new Proton, you can easily share information between Proton Mail, Proton Calendar, and Proton Drive while keeping it securely encrypted the entire time. This new ecosystem increases the functionality and usefulness of each individual service, but these interactions also increase the potential attack surface for bad actors. 

If you’re a hacker or security researcher with experience identifying and addressing penetration techniques used by nation-states and criminal organizations, we invite you to participate in our bug bounty program.  

We’re specifically looking for demonstrated expertise in the following areas:

  • Finding vulnerabilities in email and communication systems
  • Compromising encryption techniques
  • Compromising backend APIs
  • Hacking mobile applications, Windows, Linux, or macOS systems
  • Researching VPN technology

Proton will reward people for reporting vulnerabilities in our products. Key focus areas include:

  • Vulnerabilities that will compromise a Proton user’s personal data
  • Compromising Proton’s encryption (password leaks, private keys, etc.)
  • The ability to demonstrate unauthorized access to customer data (such as email, contacts, calendar, etc.)
  • Demonstrating EOP, sensitive information disclosure, or availability vulnerabilities in Proton products
  • Compromising Proton API or server infrastructure
  • Demonstrating the ability to compromise applications running on mobile devices, Windows, Linux, and Apple

We’ve expanded our bug bounty program to cover new Proton Calendar and Proton Drive apps for iOS, Android, and Windows (including apps that are in beta). You can see which apps are within the scope of our bug bounty program on our vulnerability disclosure policy.

Proton strives to maintain the highest software security standards for our products, and we’re innovators when it comes to the development and application of end-to-end encrypted services. We are committed to working closely with security researchers to ensure that our products are as secure as possible. If you find a qualifying bug, we will publicly acknowledge your contribution and reward you with a bounty. You can apply to be part of our bug bounty program(new window).

Protect your privacy with Proton
Create a free account

Share this page

Richie Koch

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

Related articles

If you’ve ever uploaded a file or a video online to share with someone, chances are you’ve used a cloud storage service.  Unlike traditional forms of data storage (such as hard drives), cloud storage uses servers in off-site locations to store data,
Phishing scams try to trick you into revealing sensitive data or downloading malware, often leading to identity theft, credit card fraud, or other cybercrime. Learn all about phishing and how to prevent it. With billions of phishing emails sent dail
Around 50% of all emails contain trackers that spy on your email activity — over 160 billion messages sent every day. Here’s how they work and how to block them. Working silently in the background, email trackers not only monitor how you respond to
With over 33 million registered users and more than 100,000 business customers, LastPass is one of the world’s most popular password managers. After an escalating series of highly-damaging disclosures over the last few months, LastPass has now admitt
Email headers are the hidden part of emails containing vital information to identify and authenticate messages. Learn how to read them to spot spam and stay secure. Have you received an unexpected email from a strange address? Is it actually from so
The United States is notoriously weak on privacy laws. With its secret surveillance courts and all-powerful spy agencies, the US has many tools to collect data on people within its jurisdiction and beyond. Recently, that power has been used to prose