Helm is pleased to announce the launch of a security program dedicated to providing customers the utmost protection from hacking and surveillance. We take a three-tier approach to protecting our customers’ privacy and security through our bug bounty program, security assessments and audits, and research community vulnerability reporting.
Starting January 24, 2019, we are excited to offer a total bounty of $20,000 for eligible vulnerabilities found in the Helm Personal Server. In partnership with the leading cybersecurity platform, Bugcrowd, we are engaging a community of researchers and hackers to discover Helm network, hardware, and software vulnerabilities. Rewards will be paid through the bug bounty program on Bugcrowd.
We also partnered with Atredis, leaders in penetration testing and embedded security assessments, to put the Helm server and services through their paces. Atredis thoroughly reviewed the Helm server along with supporting backend services and our mobile apps for security flaws.
Helm welcomes the external security community to find and submit bugs to firstname.lastname@example.org. These discoveries are eligible for public recognition. We will usually be in touch within 24 hours. All submissions will be reviewed within our program criteria. We request that all security researchers:
● Respect the GDPR data protection principles
● Respect users’ privacy
● Promptly report any issues
● Never exploit vulnerabilities without explicit permissions
● Make good faith efforts to not access or destroy users’ data
● Work with Helm to clarify discovered issues
● Never publicly disclose or announce the vulnerability to third parties
Helm is committed to prioritizing security and resolving issues promptly and transparently. We will disclose bug reports and fixes through our blog as well as publicly recognize contributions that help improve the product when mutually agreed upon.
We appreciate all of your efforts in making Helm the most secure and private personal server available. Happy hacking!
CTO & Co-Founder