This article was published on April 15, 2015

Dropbox teams up with HackerOne for bug bounty program


Dropbox teams up with HackerOne for bug bounty program

Dropbox has announced a new partnership with HackerOne to help the company reign in security breaches and protect user information, according to a Dropbox blog entry posted today.

The new bug bounty program augments Dropbox’s existing in-house operation.

The scrutiny centers on Dropbox, Carousel and Mailbox for iOS and Android apps. It also covers the Dropbox and Carousel Web apps; the Dropbox desktop app and the Dropbox Core SDK. The company says it is also open to rewards for “novel or particularly interesting bugs” in other Dropbox applications.

The minimum bounty for qualifying bugs is $216 and the maximum bounty already paid is $4,913, but the company says there is no official maximum.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Dropbox says it is retroactively rewarding researchers who have reported critical bugs within its existing program, and is paying out a total of $10,475 today.

If there are duplicate reports, the first one on record will be rewarded.

There’s nothing new about such Bug Bounty programs (aka vulnerability rewards), and many companies use them to improve security by opening up their apps to independent observers.

At this writing, Dropbox has acknowledged 25 bugs closed and 24 hackers thanked.

➤ Introducing our bug bounty program [Dropbox]

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with