Security News > 2020 > February > Dropbox Paid Out Over $1 Million Through Bug Bounty Program

Dropbox Paid Out Over $1 Million Through Bug Bounty Program
2020-02-04 17:52

File hosting company Dropbox says it has awarded researchers over $1 million for vulnerabilities reported through its bug bounty program.

Dropbox launched its bug bounty program in 2014 and in April 2015 it announced a program on the HackerOne platform.

The bug bounty program currently covers the company's main websites, its Paper collaborative workspace service, and its desktop and mobile applications.

Rewards range between $216 and over $32,000, with the top amount offered for critical remote code execution vulnerabilities affecting Dropbox servers.

Dropbox has also shared a list of its favorite bug reports, which includes vulnerabilities that could have been exploited to access password-protected documents, gain access to a user's Paper documents, access internal Dropbox services via server-side request forgery, steal file content, and perform ImageTragick attacks.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/ET_6YLlotl8/dropbox-paid-out-over-1-million-through-bug-bounty-program

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dropbox 5 2 6 3 2 13