We first launched our bug bounty program in 2014, with initial bounties for critical bugs in the range of $5,000, ramping up to (currently) over $10,000 for critical bugs. Over the past three years, leading security researchers from around the world have participated in our programs with some amazing, often original research. Beyond just the individual bugs, we have learned many a lesson, uncovering unique, interesting threats, exploit vectors, and new research as well as rejigged our priorities based on the bug bounty reports. From Dropbox and all our users, a big THANK YOU to all the researchers that help secure Dropbox for our users!
Dropbox is recognizing security researchers for submitting security bugs through a bug bounty program with HackerOne and Bugcrowd. Whether you’re a security bug guru or a complete newbie, we want to make it as easy as possible to submit any bugs you find!
To this end, we’ve compiled the top 5 security bug report tips from our very own Security Engineers:
- Build a stronger report by including information on the actual and potential impact of the vulnerability, as well as details of how it could be exploited.
- Include the methodology you used to find the bug,