HackerOne, the global hacker-powered security leader, announced results from private cloud-based solution provider Nextcloud’s bug bounty program.
Industry-leading on-premises file sync and collaboration
Nextcloud provides industry-leading on-premises file sync and online collaboration technology to customers all over the world. Security is not just a priority, it’s a core component of its entire business strategy. Nextcloud’s solutions excel at giving their business customers the power to know where data is, who has access, and that even metadata does not leak. This requires a security-first approach to how they design, build, test, and position their products. Nextcloud has elevated security from a cost center to an integral part of their business and brand.
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process.
The Nextcloud security team has resolved more than 100 valid unique security vulnerabilities to date, while keeping their response time to under one-hour. This makes Nextcloud one of the most responsive security teams on HackerOne.
Starting a bug bounty program
The Nextcloud security team embraced bug bounty program from the beginning as a way to add more resources, more skills, and more experience to their security team without adding more people. Since June 2016, Nextcloud worked with more than 100 uniquely skilled hackers to vastly expand their security by adding more resources, skills, and more experience to their security team without hiring more people.
Frank Karlitschek, Nextcloud Founder and Managing Director:
Nobody can hire enough engineers to protect against every possible vulnerability and threat, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else. Security isn’t a feature for us, it is a strategy. We started Nextcloud on the premise of building a more secure solution and security is considered in everything we do.
Michiel Prins, co-founder HackerOne said:
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process. Their commitment to responsiveness and putting security first puts them in the best position to attract top hacker talent to continue to supplement the good work their internal security team is doing to protect customers.
As a cloud technology company within the European Union, and that stores customer data, Nextcloud was quick to put GDPR compliance features into its product. The HackerOne bug bounty program is more than just proof of Nextcloud’s security, it is an investment to protect against potential GDPR infractions through fast ongoing vulnerability detection and remediation.
For more on our approach to security as a competitive differentiator, including our top three tips for bug bounty success, check out the case study.
Retoma el control de tu tiempo con Hub 8: mejoras en todo Hub, nuevas aplicaciones, nuevas funciones de IA, nuevo nivel de rendimiento y comodidad. Descubre la nueva generación de colaboración.
The Nextcloud Conference is not your average event - it's a community meetup that brings together Nextcloud enthusiasts, contributors, developers, users and industry experts from all over the world.
Minor Nextcloud updates are released, carrying multiple stability and security improvements. As always, the upgrade process is designed to be safe and quick
Guardamos algunas cookies para contar los visitantes y facilitar el uso del sitio. Esto no sale de nuestro servidor y no es para rastrearte personalmente. Consulta nuestra política de privacidad para obtener más información. Personalización
Las cookies estadísticas recopilan información de forma anónima y nos ayudan a comprender cómo utilizan nuestro sitio web nuestros visitantes. Utilizamos Matomo en nuestras instalaciones
Matomo
_pk_ses*: Cuenta la primera visita del usuario
_pk_id*: Ayuda a no contar dos veces las visitas.