Dropbox reveals bug bounty scheme

The minimum payout will be $216, but there's no maximum

Dropbox has formalised its bug bounty initiative, rewarding those who find security holes in the cloud storage service.

The company will use HackerOne's bug reporting interface, rewarding people who find bugs with a minimum of $216 (£144). There's no upper limit to bounties, although to date, the largest payment Dropbox has made is $4913 (£3282).

If multiple people report the same vulnerability, the first who discovered it would be rewarded. All Dropbox products, including the iOS and Android apps, desktop client and core SDK, are eligible for rewards.

Dropbox security engineer Devdatta Akhawe said in a blog post: "While we work with professional firms for pentesting engagements and do our own testing in-house, the independent scrutiny of our applications has been an invaluable resource for our team allowing our team to tap into the expertise of the broader security community."

Dropbox had already collated a hall of fame for those researchers who have uncovered flaws, but taking cues from the likes of Google, Microsoft and Yahoo, the storage service decided to take this one step further, offering money as rewards rather than just the prestige of being listed as a bug-finder.

"Protecting the privacy and security of our users' information is a top priority for us at Dropbox. In addition to hiring world class experts, we believe it's important to get all the help we can from the security research community, too," Akhawe said.

Dropbox has recently stepped up its game when it comes to security after enterprises deemed it unfit for business use last year. Last October, hundreds of its customers' usernames and passwords were leaked, although the company was quick to say it wasn't a hack.
