Protecting Security Researchers | Dropbox Tech Blog

"Anything that stifles open security research is problematic because many of the advances in security that we all enjoy come from the wonderful combined efforts of the security research community. Motivated by recent events and discussions, we’ve realized that too few companies formally commit to avoiding many of the above behaviors."

Kudos to Dropbox for revisiting and updating their Vulnerability Disclosure Policy (VDP) to better ensure the security research community can operate openly and without fear of retribution for reporting vulns. DropBox leveraged HackerOne’s VDP guidelines, US DoJ Cyber Security unit’s VDP framework, and recent Senate testimony as resources to make the update.


Want to receive more content like this in your inbox?