Dropbox launches 'limitless' bug bounty programme

Cloud storage company Dropbox has partnered with HackerOne to launch a new bug bounty programme, which will pay out on vulnerabilities in the Dropbox, Carousel and Mailbox apps for iOS and Android. It also covers the Dropbox and Carousel web applications, the Dropbox desktop app and the Dropbox Core SDK. In addition, the company said in a blog post that it is open to rewards for “novel or particularly interesting bugs” in other Dropbox applications.

The minimum bounty for qualifying bugs is US$ 216 (£144.65) and the maximum bounty paid to date is US$ 4,913 (£3,290). However, the company says there is no official maximum.

The firm, which has a growing presence in the enterprise mainly as a result of the Bring Your Own Device (BYOD) trend, also intends to retrospectively reward researchers who have reported critical bugs within its existing programme, and will pay out US$ 10,475 (£7,015) today. Should two researchers report the same vulnerability, the first on record will be rewarded.