Dropbox paid more than $1 Million via its bug bounty program

File hosting service company Dropbox paid out $1 million for vulnerabilities reported by researchers through its bug bounty program.

Since the launch of its bug bounty program in 2014, the file-hosting company Dropbox has paid out $1 million to date for vulnerabilities reported by researchers.

“Our bug bounty program recently passed a significant milestone. Since launching our program in 2014 and tripling our bounties in 2017, we’ve given more than $1,000,000 to bug bounty participants for valid findings submitted to our program.” reads the post published by DropBox. “Not only has Dropbox benefitted from our bug bounty program, but so have some of our most critical vendors who have remained active participants in our program.”

Currently, the bug bounty program covers the company’s websites, the Paper collaborative workspace service, and both desktop and mobile applications.

The researchers that report vulnerabilities in DropBox software could earn up to over $32,000 for critical remote code execution flaws in company servers.

DropBox paid over $318,000 via the HackerOne platform for nearly 300 vulnerabilities and $336,479 at a live hacking event held in Singapore in 2019.

“Dropbox and HackerOne invited 45 hackers from 11 countries including Singapore, the United States, Sweden, Canada, India, the Netherlands, Japan, Australia, Belgium, Hong Kong, The United Kingdom, and Portugal. They gathered to hack new scope and Dropbox core assets at Huone Event Center in the Clarke Quay area of Singapore.” reads the website of event. “In the days leading up to the event and over the course of 8 hacking hours at h1-65, 39 hackers reported 264 vulnerabilities across all applications and vendors in scope. In return, Dropbox paid $336,479 in bounties to hackers for their contributions to better security.”

The company highlights the importance of a bug bounty program for the security of its users and organizations that use the popular service.

“To those outside of the security community, it may seem counterintuitive that you can make your platform safer by encouraging security researchers to attack you, but that’s exactly the value that these programs deliver,” concluded Dropbox, “This process of discovering and remediating bugs is key to our maintaining a highly secure organization and increasingly hardened product surfaces.”

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
catch (error) {}

Pierluigi Paganini

(SecurityAffairs – bug bounty, hacking)

The post Dropbox paid more than $1 Million via its bug bounty program appeared first on Security Affairs.