
Dropbox launches bug bounty program


Dropbox launched its bug bounty program on Wednesday through HackerOne.

In addition to setting standards for future rewards, the company retroactively paid researchers who reported critical bugs in the company's applications, according to a Dropbox blog post. The company doled out $10,475 in rewards for prior discoveries.

Researchers will receive a minimum of $216 for qualifying bugs, and although there is no maximum, the highest payout has been $4,913.

Eligible applications include the Dropbox, Carousel, and Mailbox iOS and Android applications; the Dropbox and Carousel web applications; the Dropbox desktop client; and the Dropbox Core SDK.

Other applications are likely to be ineligible for monetary rewards, but researchers could be included on the company's “Special Thanks” page.

“We look forward to working with security researchers and awarding them for their contributions to the security of all Dropbox users,” the company wrote.
