Since the launch of its bug bounty program in 2014, the file-hosting company Dropbox has paid out $1 million to date for vulnerabilities reported by researchers.
“Our bug bounty program recently passed a significant milestone. Since launching our program in 2014 and tripling our bounties in 2017, we’ve given more than $1,000,000 to bug bounty participants for valid findings submitted to our program.” reads the post published by DropBox. “Not only has Dropbox benefitted from our bug bounty program, but so have some of our most critical vendors who have remained active participants in our program.”
Currently, the bug bounty program covers the company’s websites, the Paper collaborative workspace service, and both desktop and mobile applications.
The researchers that report vulnerabilities in DropBox software could earn up to over $32,000 for critical remote code execution flaws in company servers.
DropBox paid over $318,000 via the HackerOne platform for nearly 300 vulnerabilities and $336,479 at a live hacking event held in Singapore in 2019.
“Dropbox and HackerOne invited 45 hackers from 11 countries including Singapore, the United States, Sweden, Canada, India, the Netherlands, Japan, Australia, Belgium, Hong Kong, The United Kingdom, and Portugal. They gathered to hack new scope and Dropbox core assets at Huone Event Center in the Clarke Quay area of Singapore.” reads the website of event. “In the days leading up to the event and over the course of 8 hacking hours at h1-65, 39 hackers reported 264 vulnerabilities across all applications and vendors in scope. In return, Dropbox paid $336,479 in bounties to hackers for their contributions to better security.”
The company highlights the importance of a bug bounty program for the security of its users and organizations that use the popular service.
“To those outside of the security community, it may seem counterintuitive that you can make your platform safer by encouraging security researchers to attack you, but that’s exactly the value that these programs deliver,” concluded Dropbox, “This process of discovering and remediating bugs is key to our maintaining a highly secure organization and increasingly hardened product surfaces.”
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – bug bounty, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.