HackerOne, the global hacker-powered security leader, announced results from private cloud-based solution provider Nextcloud’s bug bounty program.
Industry-leading on-premises file sync and collaboration
Nextcloud provides industry-leading on-premises file sync and online collaboration technology to customers all over the world. Security is not just a priority, it’s a core component of its entire business strategy. Nextcloud’s solutions excel at giving their business customers the power to know where data is, who has access, and that even metadata does not leak. This requires a security-first approach to how they design, build, test, and position their products. Nextcloud has elevated security from a cost center to an integral part of their business and brand.
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process.
The Nextcloud security team has resolved more than 100 valid unique security vulnerabilities to date, while keeping their response time to under one-hour. This makes Nextcloud one of the most responsive security teams on HackerOne.
Starting a bug bounty program
The Nextcloud security team embraced bug bounty program from the beginning as a way to add more resources, more skills, and more experience to their security team without adding more people. Since June 2016, Nextcloud worked with more than 100 uniquely skilled hackers to vastly expand their security by adding more resources, skills, and more experience to their security team without hiring more people.
Frank Karlitschek, Nextcloud Founder and Managing Director:
Nobody can hire enough engineers to protect against every possible vulnerability and threat, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else. Security isn’t a feature for us, it is a strategy. We started Nextcloud on the premise of building a more secure solution and security is considered in everything we do.
Michiel Prins, co-founder HackerOne said:
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process. Their commitment to responsiveness and putting security first puts them in the best position to attract top hacker talent to continue to supplement the good work their internal security team is doing to protect customers.
As a cloud technology company within the European Union, and that stores customer data, Nextcloud was quick to put GDPR compliance features into its product. The HackerOne bug bounty program is more than just proof of Nextcloud’s security, it is an investment to protect against potential GDPR infractions through fast ongoing vulnerability detection and remediation.
For more on our approach to security as a competitive differentiator, including our top three tips for bug bounty success, check out the case study.
Bechtle und Nextcloud kündigen heute eine vollständig verwaltete Kollaborationsplattform für den öffentlichen Sektor an, die keiner Ausschreibung bedarf und sofort bereitgestellt werden kann.
Our mission is to help individuals, businesses and organizations achieve digital sovereignty and regain control over their data. Nextcloud Hub 5 marks a massive step forward towards achieving this mission, putting the power of AI into your hands – in a way that keeps you in control. New release, new possibilities Hub 5 builds on […]
Minor Nextcloud updates are released, carrying multiple stability and security improvements. As always, the upgrade process is designed to be safe and quick
Regain control of your time with Hub 8: improvements all around Hub, new apps, new AI features, new level of performance and comfort. Tune in and discover the next generation of collaboration.
We bring you a major update to the Nextcloud AI Assistant, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!
Wir speichern einige Cookies, um Besucher zu zählen und die Nutzung der Website zu erleichtern. Diese verlassen unseren Server nicht und dienen nicht der Verfolgung Ihrer online-Aktivitäten.
Weitere Informationen hierzu finden Sie in unserer Datenschutzrichtlinie. Anpassen