Dropbox to pay security researchers for bugs
Dropbox said Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list companies who see merit in crowdsourcing parts of their security testing.
The popular file storage service previously publicly recognized researchers, but did not pay a reward, also sometimes referred to as a bug bounty.
“In addition to hiring world class experts, we believe it’s important to get all the help we can from the security research community, too,” wrote Devdatta Akhawe, a Dropbox security engineer.
Facebook, Google, Yahoo and many other large companies pay researchers rewards that are often determined by the seriousness of the software flaw. Running such programs are more efficient than hiring more security engineers since a company’s applications are analyzed by a larger number of people with diverse security skills.