HackerOne, the global hacker-powered security leader, announced results from private cloud-based solution provider Nextcloud’s bug bounty program.
Nextcloud provides industry-leading on-premises file sync and online collaboration technology to customers all over the world. Security is not just a priority, it’s a core component of its entire business strategy. Nextcloud’s solutions excel at giving their business customers the power to know where data is, who has access, and that even metadata does not leak. This requires a security-first approach to how they design, build, test, and position their products. Nextcloud has elevated security from a cost center to an integral part of their business and brand.
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process.
The Nextcloud security team has resolved more than 100 valid unique security vulnerabilities to date, while keeping their response time to under one-hour. This makes Nextcloud one of the most responsive security teams on HackerOne.
The Nextcloud security team embraced bug bounty program from the beginning as a way to add more resources, more skills, and more experience to their security team without adding more people. Since June 2016, Nextcloud worked with more than 100 uniquely skilled hackers to vastly expand their security by adding more resources, skills, and more experience to their security team without hiring more people.
Frank Karlitschek, Nextcloud Founder and Managing Director:
Nobody can hire enough engineers to protect against every possible vulnerability and threat, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else. Security isn’t a feature for us, it is a strategy. We started Nextcloud on the premise of building a more secure solution and security is considered in everything we do.
Michiel Prins, co-founder HackerOne said:
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process. Their commitment to responsiveness and putting security first puts them in the best position to attract top hacker talent to continue to supplement the good work their internal security team is doing to protect customers.
As a cloud technology company within the European Union, and that stores customer data, Nextcloud was quick to put GDPR compliance features into its product. The HackerOne bug bounty program is more than just proof of Nextcloud’s security, it is an investment to protect against potential GDPR infractions through fast ongoing vulnerability detection and remediation.
For more on our approach to security as a competitive differentiator, including our top three tips for bug bounty success, check out the case study.
Nextcloud has been recognized with the World Summit Award Germany that selects and promotes local digital innovation improving society, aiming to contribute to the United Nations' agenda of sustainable development goals.
Read More
Nextcloud has been awarded Platinum at the IT Awards 2024. Today, we celebrate this win together!
Read More
The first ethical, open-source AI assistant that can get a multitude of tasks done for you without compromising your data.
Read More
Nextcloud Hub 9 lets you stay connected. Discover new federation features, workflow automation, big design overhaul and much much more in your favourite open-source collaboration platform!
Read More
DIE ZEIT, a prominent German outlet, interviewed Nextcloud’s founder Frank Karlitschek for an article on Microsoft’s anti-competitive behaviour on the European office software market. Read for a recap of the article and the key takeaways.
Read More
MagentaCLOUD’s migration to Nextcloud in 2021 resulted in a fully equipped Online Storage with an integrated online office suite that further improves the user experience, flexibility and security for customers.
Read More
We bring you a major update to the Nextcloud AI Assistant, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!
Read More
Bechtle and Nextcloud announce today a complete managed collaboration platform for the public sector that requires no tender and can be deployed immediately.
Read More
Discover how to make the switch from ownCloud to Nextcloud. Our quick guide provides insights into the migration process, helping you make the transition smoothly.
Read More
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
Read More
Nextcloud founder and CEO Frank Karlitschek earns the honorary SFS Award at the 20th annual SFSCON taking place in South Tyrol, Italy.
Read More
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Read More
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]
Read More
Maintenance updates 28.0.12, 29.0.9 and 30.0.2 for Nextcloud Hub 7, 8 and 9 respectively are here! Read an update summary and access full changelog on the website.
Read More
Frank Dengler from audriga joins the Nextcloud Enterprise Day program with a keynote about migration from SharePoint to Nextcloud. Read this article for more details about the keynote and the speaker.
Read More
