Menu
Dropbox to pay security researchers for bugs

Dropbox to pay security researchers for bugs

Dropbox has not set a maximum reward

Dropbox said on Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list companies who see merit in crowdsourcing parts of their security testing.

The popular file storage service previously publicly recognized researchers, but did not pay a reward, also sometimes referred to as a bug bounty.

"In addition to hiring world class experts, we believe it's important to get all the help we can from the security research community, too," wrote Devdatta Akhawe, a Dropbox security engineer.

Facebook, Google, Yahoo and many other large companies pay researchers rewards that are often determined by the seriousness of the software flaw. Running such programs are more efficient than hiring more security engineers since a company's applications are analyzed by a larger number of people with diverse security skills.

Dropbox's program will be run through HackerOne, a company that has a secure platform that manages security vulnerability information and handles disclosure information and rewards.

Eligible programs are Dropbox's mobile applications, the photo viewer Carousel, its desktop client and the Dropbox Core SDK.

The smallest bounty is $US216. Dropbox hasn't set a maximum it will pay, but the largest so far has been $US4913. With the launch of the program, Akhawe wrote Dropbox would retroactively pay $US10,475 to those who reported critical bugs through its previous program.

The details on what bugs are eligible have been posted on Dropbox's HackerOne page.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags dropboxsecurityHackerOneExploits / vulnerabilities

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments