Dropbox Bug Bounty Program: Independent Researchers To Be Paid For Identification Of Bugs
On Wednesday, Dropbox announced a “bug bounty program” in partnership with HackerOne to improve the security and privacy of its applications.
Dropbox posted a blog entry in which it explained that, starting today, the company will “be recognizing security researchers for their effort through a bug bounty program with HackerOne.”
The researchers will work independently, and rewards will be paid to those who identify problems in Dropbox’s apps, including Carousel and Mailbox for iOS and Android apps, and others.
The task of finding software flaws, which researchers used to perform in the past just for the sake of recognition, will now be paid as a bug bounty. The minimum amount to be paid for qualifying bugs is $216. As for the maximum bounty, Dropbox has already been paying $4,913, but it hasn’t set an official limit on the maximum bounty.
The file storage service is going to retroactively reward researchers who identified serious bugs during its existing program with $10,475, commencing today.
“In addition to hiring world class experts, we believe it’s important to get all the help we can from the security research community, too,” wrote Devdatta Akhawe, a Dropbox security engineer.
According to the blog post, if two researchers report the same bug, Dropbox will consider the initial report for rewards.
Bug bounty programs are now considered by many companies to be a very effective means of improving security and privacy. Large companies including Facebook, Google, and Yahoo reward independent researchers for inspecting their apps.