Today we are happy to announce the Nextcloud bug bounty program. We offer some of the highest bounties in the open source software industry, rewarding responsible disclosure with up to $5,000 for qualifying vulnerabilities!
We have partnered with the HackerOne platform because of its extraordinary popularity among IT security professionals. More than 3,000 hackers have reported over 24,000 bugs via the platform. Running a program on HackerOne allows us to quickly leverage the collective knowledge of a huge amount of these security experts.
“We are thrilled to welcome Nextcloud to the HackerOne community and have the opportunity to again work with Lukas Reschke”, said Marten Mickos, CEO of HackerOne. “Reschke’s experience with open source and running competitive bug bounty programs at scale is sure to benefit Nextcloud security and its customers.”
While we do perform internal research and add pro-active security hardenings all the time (a prominent example being the introduction of same-site cookies) we are always looking for external input as well. Few limitations and exclusions as well as some of the highest rewards in the open source world for responsible disclosure will serve to attract the kind of professional expertise needed to turn this into a success.
We’re confident in our code base and our work and with this project we will bring the Nextcloud security to an even higher level.
| Impact | Definition | Maximum possible reward |
| Critical | Gaining remote code execution on the server as unauthenticated user. (i.e. RCE) | $5,000 |
| High | Gaining access to complete user data of any other user. (i.e. Auth Bypass) | $2,000 |
| Medium | Limited disclosure of user data or attacks granting access to a single users’ user session. (i.e. XSS) | $750 |
| Low | Very limited disclosure of user data or attacks involving a very high unlikely amount of user interaction. | $250 |
Note that our websites (nextcloud.com and nextcloud.org) are NOT part of the program, only the software you can find on our install page.
Get started now at hackerone.com/nextcloud and help make Nextcloud even more awesome!
Ti presentiamo Nextcloud Talk “Munich”, la piattaforma di comunicazione open source e digitalmente sovrana per i team ibridi, che rappresenta una solida alternativa ai cloud delle Big Tech. Ora ancora più resiliente, potente e facile da utilizzare fin da subito. Per saperne di più.
Per saperne di più
Dai il benvenuto Nextcloud Hub 10. La nostra ultima versione è caratterizzata da prestazioni migliorate in ogni app, una maggiore integrazione in tutta la piattaforma e decine di nuove funzionalità che ti faciliteranno la giornata.
Per saperne di più
Le organizzazioni, grandi e piccole, necessitano di una soluzione che garantisca la resilienza e la sovranità digitale delle loro operazioni: un'alternativa open source e rispettosa della privacy a Teams. E oggi presentiamo questa soluzione: Nextcloud Talk.
Per saperne di più
Can a Microsoft sovereign cloud for Europe exist? Discover what Microsoft's "Digital Principles for Europe" mean as we put them to the test.
Per saperne di più
Nextcloud announces new partnership with Thinkfree Office, a self-hosted office suite developed in South Korea, which is known for its ease of use. This collaboration is all about giving you more options, greater control, and a better user experience.
Per saperne di più
Europe’s Digital Markets Act is a breakthrough, but only if enforced. Here’s why delay empowers Big Tech and threatens digital sovereignty.
Per saperne di più
Comments