Drone Giant DJI Announces Software Bug Bounty Program With Prize Of Up To $30K
There is good money to be earned from being an software exterminator. Several companies have so-called bug bounty programs in place in which they pay out rewards for rooting out certain software flaws and vulnerabilities. DJI, a major player in consumer and professinal drones and aerial imaging technology, is the latest to the join the fray. Through its Threat Identification Reward Program, researchers can earn up to five figures per bug.
"Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products and bringing concerns to public attention," said DJI Director of Technical Standards Walter Stockwell. “"DJI wants to learn from their experiences as we constantly strive to improve our products, and we are willing to pay rewards for the discoveries they make."
Image Source: DJI
Qualifying bugs range from $100 to $30,000 a pop, depending on the potential impact of the threat. Full details on the payout scale are not yet available, though DJI is in the process of developing a website that will outline program terms and a standardized form for reporting potential threats related to it servers, apps, or hardware. We assume a detailed payout scale will be included in the mix as well.
What we do know is that DJI is interested in plugging a wide range of holes related to its drones, should they exist. A qualifying vulnerability might be one that creates a threat related to the integrity of confidential customer data, including details of their photos, videos, and flight logs. It could also have to do with issues that may cause an app to crash or affect flight safety, such as geofencing restrictions, flight altitude limits, and so forth.
"We want to engage with the research community and respond to their reasonable concerns with a common goal of cooperation and improvement," Stockwell said. "We value input from researchers into our products who believe in our mission to enable customers to use DJI products that are stable, reliable and trustworthy."
Anyone who is interested in participating can begin right away. Starting immediately, DJI is accepting bug reports at its email bugbounty at dji dot com, where they will be reviewed by technical experts.
"Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products and bringing concerns to public attention," said DJI Director of Technical Standards Walter Stockwell. “"DJI wants to learn from their experiences as we constantly strive to improve our products, and we are willing to pay rewards for the discoveries they make."
Image Source: DJI
Qualifying bugs range from $100 to $30,000 a pop, depending on the potential impact of the threat. Full details on the payout scale are not yet available, though DJI is in the process of developing a website that will outline program terms and a standardized form for reporting potential threats related to it servers, apps, or hardware. We assume a detailed payout scale will be included in the mix as well.
What we do know is that DJI is interested in plugging a wide range of holes related to its drones, should they exist. A qualifying vulnerability might be one that creates a threat related to the integrity of confidential customer data, including details of their photos, videos, and flight logs. It could also have to do with issues that may cause an app to crash or affect flight safety, such as geofencing restrictions, flight altitude limits, and so forth.
"We want to engage with the research community and respond to their reasonable concerns with a common goal of cooperation and improvement," Stockwell said. "We value input from researchers into our products who believe in our mission to enable customers to use DJI products that are stable, reliable and trustworthy."
Anyone who is interested in participating can begin right away. Starting immediately, DJI is accepting bug reports at its email bugbounty at dji dot com, where they will be reviewed by technical experts.
