Menu
Dropbox to pay security researchers for bugs

Dropbox to pay security researchers for bugs

Dropbox has not set a maximum reward

Dropbox said on Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list companies who see merit in crowdsourcing parts of their security testing.

The popular file storage service previously publicly recognized researchers, but did not pay a reward, also sometimes referred to as a bug bounty.

"In addition to hiring world class experts, we believe it's important to get all the help we can from the security research community, too," wrote Devdatta Akhawe, a Dropbox security engineer.

Facebook, Google, Yahoo and many other large companies pay researchers rewards that are often determined by the seriousness of the software flaw. Running such programs are more efficient than hiring more security engineers since a company's applications are analyzed by a larger number of people with diverse security skills.

Dropbox's program will be run through HackerOne, a company that has a secure platform that manages security vulnerability information and handles disclosure information and rewards.

Eligible programs are Dropbox's mobile applications, the photo viewer Carousel, its desktop client and the Dropbox Core SDK.

The smallest bounty is $US216. Dropbox hasn't set a maximum it will pay, but the largest so far has been $US4913. With the launch of the program, Akhawe wrote Dropbox would retroactively pay $US10,475 to those who reported critical bugs through its previous program.

The details on what bugs are eligible have been posted on Dropbox's HackerOne page.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags dropboxExploits / vulnerabilitiesHackerOne

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments