Dropbox paid more than $1 Million via its bug bounty program

File hosting service company Dropbox paid out $1 million for vulnerabilities reported by researchers through its bug bounty program.

Since the launch of its bug bounty program in 2014, the file-hosting company Dropbox has paid out $1 million to date for vulnerabilities reported by researchers.

“Our bug bounty program recently passed a significant milestone. Since launching our program in 2014 and tripling our bounties in 2017, we’ve given more than $1,000,000 to bug bounty participants for valid findings submitted to our program.” reads the post published by DropBox. “Not only has Dropbox benefitted from our bug bounty program, but so have some of our most critical vendors who have remained active participants in our program.”

Currently, the bug bounty program covers the company’s websites, the Paper collaborative workspace service, and both desktop and mobile applications.

The researchers that report vulnerabilities in DropBox software could earn up to over $32,000 for critical remote code execution flaws in company servers.

DropBox paid over $318,000 via the HackerOne platform for nearly 300 vulnerabilities and $336,479 at a live hacking event held in Singapore in 2019.

“Dropbox and HackerOne invited 45 hackers from 11 countries including Singapore, the United States, Sweden, Canada, India, the Netherlands, Japan, Australia, Belgium, Hong Kong, The United Kingdom, and Portugal. They gathered to hack new scope and Dropbox core assets at Huone Event Center in the Clarke Quay area of Singapore.” reads the website of event. “In the days leading up to the event and over the course of 8 hacking hours at h1-65, 39 hackers reported 264 vulnerabilities across all applications and vendors in scope. In return, Dropbox paid $336,479 in bounties to hackers for their contributions to better security.”

The company highlights the importance of a bug bounty program for the security of its users and organizations that use the popular service.

“To those outside of the security community, it may seem counterintuitive that you can make your platform safer by encouraging security researchers to attack you, but that’s exactly the value that these programs deliver,” concluded Dropbox, “This process of discovering and remediating bugs is key to our maintaining a highly secure organization and increasingly hardened product surfaces.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – bug bounty, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.