Dropbox has announced a new bug bounty program to encourage participation from the security research community in fortifying the cloud file sharing and storage platform.
As part of a joint bug bounty program with HackerOne, Dropbox will offer vulnerability disclosure rewards as an incentive for researchers to report bugs. The minimum bounty offered for qualifying bugs will be $216, and the maximum bounty paid out to this point has been $4,913. Duplicate bug reports will not be rewarded. Dropbox announced it will also retroactively reward researchers who’ve disclosed critical bugs in the past, paying out an additional $10,475 in bounty rewards.
Dropbox applications open to the bug bounty program include its flagship Dropbox, along with Carousel, and the Web and mobile applications for Dropbox, Mailbox and Carousel. The Dropbox Core SDK is also eligible.
Additional details regarding the Dropbox bug bounty program are available here.