Dropbox reveals bug bounty scheme
The minimum payout will be $216, but there's no maximum
Dropbox has formalised its bug bounty initiative, rewarding those who find security holes in the cloud storage service.
The company will use HackerOne's bug reporting interface, rewarding people who find bugs with a minimum of $216 (144). There's no upper limit to bounties, although to date, the largest payment Dropbox has made is $4913 (3282).
If multiple people report the same vulnerability, the first who discovered it would be rewarded. All Dropbox products, including the iOS and Android apps, desktop client and core SDK are eligible for rewards.
Dropbox security engineer Devdatta Akhawe said in a blog post: "While we work with professional firms for pentesting engagements and do our own testing in-house, the independent scrutiny of our applications has been an invaluable resource for our team allowing our team to tap into the expertise of the broader security community."
Dropbox had already collated a hall of fame for those researchers that have uncovered flaws , but taking cues from the likes of Google, Microsoft and Yahoo, the storage service decided to take this one step further, offering money as rewards rather than just the prestige of being listed as a bug-finder.
"Protecting the privacy and security of our users' information is a top priority for us at Dropbox. In addition to hiring world class experts, we believe it's important to get all the help we can from the security research community, too," Akhawe said.
Dropbox has recently stepped up its game when it comes to security after enterprises deemed it unfit for business use last year. Last October, hundreds of its customers' usernames and passwords were leaked, although the company was quick to say it wasn't a hack.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.