Dropbox, the online file storage, synchronization and sharing service, was found to have 264 vulnerabilities, discovered by 45 hackers.
It will take about 319.300 $ to cover the security issues and protect Dropbox's huge number of users.
The revelation was made as part of the company's regular bug bounty program, which is of great importance to Dropbox, Inc., since security is an essential ingredient of its service.
ZDNet focused on one of the younger hackers, Jack Cable. Cable is 19 years old and has worked for HackerOne since he was 16. He has participated in more than 100 events and has identified 250 vulnerabilities. Cable believes that the "maturity" of the targeted systems is crucial and that there are always vulnerabilities. In his words, when you keep looking, you find something. The question is how companies handle the matter when a vulnerability is found.
Dropbox's systems are "mature" (the company has run a HackerOne program since 2015). That is why more effort is needed to identify vulnerabilities.
Rewards are defined as follows:
- Remote Code Execution (RCE) on servers - 32768 $
- Significant Identity Bypass - 17576 $
- For forgery issues - 13824 $
- Cross-site scripting at dropbox.com (on all browsers) - 12167 $
The HackerOne platform has done fantastic work with bug bounty programs since 2012. It has a potential pool of 390.000 hackers and has organized over 1.300 bug bounty programs. The platform takes care of detecting errors in order to protect and secure systems, applications, services and the Internet in general.