Those who love to find faults, here’s 1 more opportunity. Bug hunters now have yet another program to earn some moolah.
Cloud storage service Dropbox has just announced a bug bounty program. Not only that, it has already paid US $10,475 to those who had earlier found critical errors in it.
According to a post on its official blog, Dropbox said protecting the privacy & security of its users’ information was top priority. In addition to hiring world class experts, it had decided to also take the help of the Online security research community. That’s why, it had decided to launch a bug bounty program with HackerOne.
Bug bounties (or vulnerability rewards programs) are used by many leading companies to improve the security of their products. These programs provide an incentive for researchers to responsibly disclose software bugs, centralize reporting streams.
Here are some additional details about the program:
- There’s no official maximum bounty
- The minimum bounty for qualifying bugs is $216, & the maximum bounty Dropbox has paid out till now is US $4913
- For now, the Dropbox, Carousel, & Mailbox iOS & Android applications; the Dropbox & Carousel Web applications; the Dropbox desktop client as well as the Dropbox Core SDK are eligible for the bounty program
You can find more details about the rewards program on our HackerOne page.
To promote the discovery and reporting of vulnerabilities and increase user safety, bounty hunters need to:
- Share the security issue in detail
- Give Dropbox reasonable time to respond to the issue before making any information about it public
- Not access or modify user data without permission of the account owner
- Act in good faith not to degrade the performance of Dropbox services (including denial of service)
Only the 1st reporter of a vulnerability shall be eligible for a reward in case of duplicate reporting.
You may want to read: Dropbox offers new payment option for European users
Image Credit: Dropbox/HackerOne
•Share This•