Dropbox reveals bug bounty scheme

The minimum payout will be $216, but there's no maximum

Dropbox has formalised its bug bounty initiative, rewarding those who find security holes in the cloud storage service.

The company will use HackerOne's bug reporting interface, rewarding people who find bugs with a minimum of $216 (144). There's no upper limit to bounties, although to date, the largest payment Dropbox has made is $4913 (3282).

Advertisement - Article continues below

If multiple people report the same vulnerability, the first who discovered it would be rewarded. All Dropbox products, including the iOS and Android apps, desktop client and core SDK are eligible for rewards.

Dropbox security engineer Devdatta Akhawe said in a blog post: "While we work with professional firms for pentesting engagements and do our own testing in-house, the independent scrutiny of our applications has been an invaluable resource for our team allowing our team to tap into the expertise of the broader security community."

Dropbox had already collated a hall of fame for those researchers that have uncovered flaws , but taking cues from the likes of Google, Microsoft and Yahoo, the storage service decided to take this one step further, offering money as rewards rather than just the prestige of being listed as a bug-finder.

"Protecting the privacy and security of our users' information is a top priority for us at Dropbox. In addition to hiring world class experts, we believe it's important to get all the help we can from the security research community, too," Akhawe said.

Advertisement
Advertisement - Article continues below

Dropbox has recently stepped up its game when it comes to security after enterprises deemed it unfit for business use last year. Last October, hundreds of its customers' usernames and passwords were leaked, although the company was quick to say it wasn't a hack.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
Visit/policy-legislation/data-protection/355835/nhs-yet-to-understand-the-risks-of-holding-test-and-trace
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020