Until today, Dropbox merely recognized security researchers who found serious security holes in its software on a public hall of fame page. Today, the company is starting to provide monetary rewards.
In fact, Dropbox has decided to retroactively reward hackers who responsibly reported critical bugs in its applications. The company is paying out $10,475 to these security researchers today.
Dropbox’s program requires that security researchers do the following:
- Share the security issue with Dropbox in detail.
- Give Dropbox a reasonable time to respond to the issue before making any information about it public.
- Not access or modify user data without permission of the account owner.
- Act in good faith not to degrade the performance of Dropbox’s services (including denial of service).
This is pretty standard stuff for bug bounty programs. Other typical conditions also apply: Only the first reporter of a vulnerability is rewarded, you must report a qualifying vulnerability through the HackerOne reporting tool to be eligible, and public disclosure of the vulnerability prior to resolution will result in disqualification from the program.
More to follow