Storage service Dropbox has launched a bug bounty programme to encourage security researchers to pick holes in its products.
Bug bounties are seen as a cost-effective way to detect and fix flaws in online services that might otherwise suffer major financial and reputational damage in the event of a security breach. Bounties for the early detection of potentially serious flaws have been as high as $100,000.
Dropbox already rewards people whose research it has acted on by putting them on a wall of fame that it shares online. Now these bug hunters will be entitled to a financial reward, with the company having already paid out $10,475.
"Protecting the privacy and security of our users' information is a top priority for us at Dropbox. In addition to hiring world-class experts, we believe it's important to get all the help we can from the security research community, too," explained Devdatta Akhawe, a Dropbox security engineer.
"That's why we're excited to announce that starting today, we'll be recognizing security researchers for their effort through a bug bounty programme with HackerOne."
"These programmes provide an incentive for researchers to responsibly disclose software bugs, centralise reporting streams, and ultimately allow security teams to leverage the external community to help keep users safe."
Dropbox bounties start at $216, with the biggest so far being $4,913, but there is no upper cap set by the firm.
The rewards cover any bugs found in Dropbox, Carousel, Mailbox iOS and Android applications and equivalent web versions, the Dropbox desktop client and the Dropbox Core SDK.
Dropbox said that the bounty programme is part of its "commitment to privacy".
"This is another step in our commitment to security and privacy," said Akhawe. "We look forward to working with security researchers and awarding them for their contributions to the security of all Dropbox users."