File hosting service company Dropbox paid out $1 million for vulnerabilities reported by researchers through its bug bounty program.
Since the launch of its bug bounty program in 2014, the file-hosting company Dropbox has paid out $1 million to date for vulnerabilities reported by researchers.
“Our bug bounty program recently passed a significant milestone. Since launching our program in 2014 and tripling ourbounties in 2017, we’ve given more than $1,000,000 to bug bounty participants for valid findings submitted to our program.” reads the post published by DropBox. “Not only has Dropbox benefitted from our bug bounty program, but so have some of our most critical vendors who have remained active participants in our program.”
Currently, the bug bounty program covers the company’s websites, the Paper collaborative workspace service, and both desktop and mobile applications.
The researchers that report vulnerabilities in DropBox software could earn up to over $32,000 for critical remote code execution flaws in company servers.
DropBox paid over $318,000 via the HackerOne platform for nearly 300 vulnerabilities and $336,479 at a live hacking event held in Singapore in 2019.
“Dropbox and HackerOne invited 45 hackers from 11 countries including Singapore, the United States, Sweden, Canada, India, the Netherlands, Japan, Australia, Belgium, Hong Kong, The United Kingdom, and Portugal. They gathered to hack new scope and Dropbox core assets at Huone Event Center in the Clarke Quay area of Singapore.” reads the website of event. “In the days leading up to the event and over the course of 8 hacking hours at h1-65, 39 hackers reported 264 vulnerabilities across all applications and vendors in scope. In return, Dropbox paid $336,479 in bounties to hackers for their contributions to better security.”
The company highlights the importance of a bug bounty program for the security of its users and organizations that use the popular service.
“To those outside of the security community, it may seem counterintuitive that you can make your platform safer by encouraging security researchers to attack you, but that’s exactly the value that these programs deliver,” concluded Dropbox, “This process of discovering and remediating bugs is key to our maintaining a highly secure organization and increasingly hardened product surfaces.”
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
Pierluigi Paganini
February 05, 2020
