Dropbox has formalised its bug bounty initiative, rewarding those who find security holes in the cloud storage service.
The company will use HackerOne's bug reporting interface, rewarding people who find bugs with a minimum of $216 (144). There's no upper limit to bounties, although to date, the largest payment Dropbox has made is $4913 (3282).
If multiple people report the same vulnerability, the first who discovered it would be rewarded. All Dropbox products, including the iOS and Android apps, desktop client and core SDK are eligible for rewards.
Dropbox security engineer Devdatta Akhawe said in a blog post: "While we work with professional firms for pentesting engagements and do our own testing in-house, the independent scrutiny of our applications has been an invaluable resource for our team allowing our team to tap into the expertise of the broader security community."
Dropbox had already collated a hall of fame for those researchers that have uncovered flaws , but taking cues from the likes of Google, Microsoft and Yahoo, the storage service decided to take this one step further, offering money as rewards rather than just the prestige of being listed as a bug-finder.
"Protecting the privacy and security of our users' information is a top priority for us at Dropbox. In addition to hiring world class experts, we believe it's important to get all the help we can from the security research community, too," Akhawe said.
Dropbox has recently stepped up its game when it comes to security after enterprises deemed it unfit for business use last year. Last October, hundreds of its customers' usernames and passwords were leaked, although the company was quick to say it wasn't a hack.
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
OpenAI to pay up to $20k in rewards through new bug bounty programNews The move follows a period of unrest over data security concerns
-
Windows 11 System Restore bug preventing users from accessing appsNews Microsoft has issued a series of workarounds for the issue which is affecting a range of apps including Office and Terminal
-
Windows 10 users encounter ‘blue screen of death’ after latest Patch Tuesday updateNews Microsoft said it is working on a fix for the issue and has offered users a temporary workaround
-
SpaceX bug bounty offers up to $25,000 per Starlink exploitNews The spacecraft manufacturer has offered white hats immunity to exploit a wide range of Starlink systems, with a dedicated report page
-
Microsoft announces lucrative new bug bounty awards for M365 products and servicesNews The new awards will focus on scenario-based weaknesses and offer bonuses of up to 30% for the most severe bugs
-
Adobe forced to patch its own failed security updateNews Company issues new fix for e-commerce vulnerability after researchers bypass the original update
-
Google doubles bug bounty rewards for Linux, Kubernetes exploitsNews The increased rewards are said to align better with the community's expectations of a bug bounty programme of this kind
