Today, DigitalOcean launched its public bug bounty program. Building on the success of its private program, the public program allows DigitalOcean to focus internal resources on the demands of keeping the cloud secure, while letting researchers do what they do best. DigitalOcean now has access to Bugcrowd’s full crowd of researchers for an even wider breadth of skill sets to find vulnerabilities faster.
“Incorporating Bugcrowd’s platform into DigitalOcean’s overall security strategy has noticeably decreased the window for detecting vulnerabilities in our cloud,” said DigitalOcean Director of Security Nick Vigier. “Additionally, and in line with our culture of love, we are able to have a more consistent interaction with security researchers through Bugcrowd, and we are able to reward researchers for their hard work!”
DigitalOcean will reward security researchers between $150 and $2,500 USD per bug, depending on the impact and severity of the vulnerabilities identified on its cloud platform interface. The scope includes https://api.digitalocean.com and https://cloud.digitalocean.com.
Vigier continued, “With Bugcrowd we are able to ensure that our communications with researchers are consistent, while also providing our development teams with actionable and validated vulnerabilities. We are excited to extend our program and continue enjoying the benefits of crowdsourced security testing.”