DJI will pay you $100 to $30,000 for reporting software issues

msinger

"DJI, the world’s leader in civilian drones and aerial imaging technology, is establishing a “bug bounty” program to reward people who discover security issues with DJI software. The DJI Threat Identification Reward Program is part of an expanded commitment to work with researchers and others to responsibly discover, disclose and remediate issues that could affect the security of DJI’s software."

"Rewards for qualifying bugs will range from $100 to $30,000, depending on the potential impact of the threat. DJI is developing a website with full program terms and a standardized form for reporting potential threats related to DJI’s servers, apps or hardware. Starting today, bug reports can be sent to [email protected] for review by technical experts."

See more details on DJI's website here.
 
Good way to turn hackers into working for your company.
 
A lot of companies are doing this these days. It's a smart move on DJI's part.
 
Just the fact DJI is doing this makes me feel better. It's amazing how little attention some companies give security.

These drones are very smart, and the smarter the tech, the larger the attack surface and the potential for it to be used maliciously.
 
A lot of companies are doing this these days. It's a smart move on DJI's part.
Wow, I got a phone call, Ontario, last night, about selling software as a second job, related. I thought someone was scamming me so I hung up the call.
 
Good way to turn hackers into working for your company.
This is the first thing I thought of when reading it. To me, hacking a company's software without getting credit for it is OK, but when someone hands you a check in your name (getting credit to prevent others from doing it) it is way better. Good move or just good PR.
 
This is the first thing I thought of when reading it. To me, hacking a company's software without getting credit for it is OK, but when someone hands you a check in your name (getting credit to prevent others from doing it) it is way better. Good move or just good PR.
You get different kinds of people applying for a bug bounty. There are the professional "white hat" researchers who come across and actively search for security problems. You have the person who comes across a security flaw more or less by accident (not really applicable here). And you have the people who look for flaws as a way to game the system and want the bounty because it's worth more than what they could get for exploiting it.

The best way to squash a security flaw is to expose it. There's a great article in Wired about a guy who went on a burglary spree, enabled by a flaw in the electronic door locks used in just about every motel and hotel. At a conference, a guy showed how to make an Arduino device that could open any hotel lock made by Onity. Onity chose not to make free updates and this one guy robbed around 100 hotels before he was caught. Onity was forced to cut deals with the hotels to fix the problem.
 
