Menu
Dropbox to pay security researchers for bugs

Dropbox to pay security researchers for bugs

Dropbox has not set a maximum reward

Dropbox said on Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list companies who see merit in crowdsourcing parts of their security testing.

The popular file storage service previously publicly recognized researchers, but did not pay a reward, also sometimes referred to as a bug bounty.

"In addition to hiring world class experts, we believe it's important to get all the help we can from the security research community, too," wrote Devdatta Akhawe, a Dropbox security engineer.

Facebook, Google, Yahoo and many other large companies pay researchers rewards that are often determined by the seriousness of the software flaw. Running such programs are more efficient than hiring more security engineers since a company's applications are analyzed by a larger number of people with diverse security skills.

Dropbox's program will be run through HackerOne, a company that has a secure platform that manages security vulnerability information and handles disclosure information and rewards.

Eligible programs are Dropbox's mobile applications, the photo viewer Carousel, its desktop client and the Dropbox Core SDK.

The smallest bounty is $US216. Dropbox hasn't set a maximum it will pay, but the largest so far has been $US4913. With the launch of the program, Akhawe wrote Dropbox would retroactively pay $US10,475 to those who reported critical bugs through its previous program.

The details on what bugs are eligible have been posted on Dropbox's HackerOne page.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags dropboxsecurityHackerOneExploits / vulnerabilities

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments