Keeping user information safe and secure is a top priority and a core company value for us at Dropbox. We welcome the contribution of external security researchers and look forward to awarding them for their valuable contributions to the security of all Dropbox users. Please make sure you review the following program rules before you report a vulnerability.
Dropbox may, at its sole discretion, provide rewards to eligible reporters of qualifying vulnerabilities.
Dropbox may choose to pay higher rewards for unusually clever or severe vulnerabilities. For vulnerabilities that require significant or unusual user interaction, the rewards may be lower. Adjustments for higher bounty awards will only be made if the severity of the issue is determined to be higher, not due to any past payout award levels.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.