HackerOne, the global hacker-powered security leader, announced results from private cloud-based solution provider Nextcloud’s bug bounty program.
Industry-leading on-premises file sync and collaboration
Nextcloud provides industry-leading on-premises file sync and online collaboration technology to customers all over the world. Security is not just a priority, it’s a core component of its entire business strategy. Nextcloud’s solutions excel at giving their business customers the power to know where data is, who has access, and that even metadata does not leak. This requires a security-first approach to how they design, build, test, and position their products. Nextcloud has elevated security from a cost center to an integral part of their business and brand.
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process.
The Nextcloud security team has resolved more than 100 valid unique security vulnerabilities to date, while keeping their response time to under one-hour. This makes Nextcloud one of the most responsive security teams on HackerOne.
Starting a bug bounty program
The Nextcloud security team embraced bug bounty program from the beginning as a way to add more resources, more skills, and more experience to their security team without adding more people. Since June 2016, Nextcloud worked with more than 100 uniquely skilled hackers to vastly expand their security by adding more resources, skills, and more experience to their security team without hiring more people.
Frank Karlitschek, Nextcloud Founder and Managing Director:
Nobody can hire enough engineers to protect against every possible vulnerability and threat, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else. Security isn’t a feature for us, it is a strategy. We started Nextcloud on the premise of building a more secure solution and security is considered in everything we do.
Michiel Prins, co-founder HackerOne said:
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process. Their commitment to responsiveness and putting security first puts them in the best position to attract top hacker talent to continue to supplement the good work their internal security team is doing to protect customers.
As a cloud technology company within the European Union, and that stores customer data, Nextcloud was quick to put GDPR compliance features into its product. The HackerOne bug bounty program is more than just proof of Nextcloud’s security, it is an investment to protect against potential GDPR infractions through fast ongoing vulnerability detection and remediation.
For more on our approach to security as a competitive differentiator, including our top three tips for bug bounty success, check out the case study.
Le organizzazioni, grandi e piccole, necessitano di una soluzione che garantisca la resilienza e la sovranità digitale delle loro operazioni: un'alternativa open source e rispettosa della privacy a Teams. E oggi presentiamo questa soluzione: Nextcloud Talk.
In this article, we find out how open-source AI gets you your privacy back and explore examples of reliable AI models that you can use in your ecosystem.
On December 3rd, we invite you to the Nextcloud Enterprise Day Paris, Nextcloud's flagship event for professionals. The day will kick off with a keynote by our CEO and founder, Frank Karlitschek—a highlight where he will share our vision for the future of online collaboration, followed by a major announcement about Nextcloud Talk!
Salviamo alcuni cookie per contare i visitatori e rendere il sito più facile da usare. Questi dati non lasciano il nostro server e non servono a tracciare il tuo profilo personale! Per maggiori informazioni, consulta la nostra Informativa sulla privacy. Personalizza
I cookie statistici raccolgono informazioni in forma anonima e ci aiutano a capire come i visitatori utilizzano il nostro sito web. Utilizziamo Matomo in cloud.
Matomo
_pk_ses*: Conta la prima visita dell'utente
_pk_id*: Aiuta a non contare due volte le visite.
mtm_cookie_consent: Ricorda il consenso alla memorizzazione e all'utilizzo dei cookie dato dall'utente.
_pk_ses*: 30 minuti
_pk_id*: 28 giorni
mtm_cookie_consent: 30 giorni