HackerOne, the global hacker-powered security leader, announced results from private cloud-based solution provider Nextcloud’s bug bounty program.
Nextcloud provides industry-leading on-premises file sync and online collaboration technology to customers all over the world. Security is not just a priority, it’s a core component of its entire business strategy. Nextcloud’s solutions excel at giving their business customers the power to know where data is, who has access, and that even metadata does not leak. This requires a security-first approach to how they design, build, test, and position their products. Nextcloud has elevated security from a cost center to an integral part of their business and brand.
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process.
The Nextcloud security team has resolved more than 100 valid unique security vulnerabilities to date, while keeping their response time to under one-hour. This makes Nextcloud one of the most responsive security teams on HackerOne.
The Nextcloud security team embraced bug bounty program from the beginning as a way to add more resources, more skills, and more experience to their security team without adding more people. Since June 2016, Nextcloud worked with more than 100 uniquely skilled hackers to vastly expand their security by adding more resources, skills, and more experience to their security team without hiring more people.
Frank Karlitschek, Nextcloud Founder and Managing Director:
Nobody can hire enough engineers to protect against every possible vulnerability and threat, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else. Security isn’t a feature for us, it is a strategy. We started Nextcloud on the premise of building a more secure solution and security is considered in everything we do.
Michiel Prins, co-founder HackerOne said:
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process. Their commitment to responsiveness and putting security first puts them in the best position to attract top hacker talent to continue to supplement the good work their internal security team is doing to protect customers.
As a cloud technology company within the European Union, and that stores customer data, Nextcloud was quick to put GDPR compliance features into its product. The HackerOne bug bounty program is more than just proof of Nextcloud’s security, it is an investment to protect against potential GDPR infractions through fast ongoing vulnerability detection and remediation.
For more on our approach to security as a competitive differentiator, including our top three tips for bug bounty success, check out the case study.
“Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat […]
Read More
“When we have welcoming communities of contributors, open source software gets better and more useful to everyone.” Limor Fried, Electrical Engineer, Inventor and Founder of open-source hardware company Adafruit We believe in this ideal and love to work with our community. We are always looking to involve more people in Nextcloud, bringing in their ideas, […]
Read More
Do you want to learn more about the leading Content Collaboration Platform? Nextcloud is an on-premises, integrated collaboration platform that can work for your organization or business in all sectors from Government, education, healthcare, and many other. Meet Nextcloud at exciting upcoming trade shows from Zukunftskongress and DMEA in Berlin to EdTech Congress Barcelona in […]
Read More
Over the last years Nextcloud Talk has developed in a fantastic productivity tool, enabling teams across the globe to communicate and collaborate in chat rooms, video meetings and webinars.
Read More
Hot on the heels of Nextcloud Hub 4, our desktop client now enables users who are running the latest Nextcloud to take advantage of its improved End-to-end encryption features!
Read More
After a complaint filed by Nextcloud on behalf of a coalition of dozens of European cloud tech providers in November 2021, the German Bundeskartellamt (federal antitrust authorities) has now begun an official investigation into Microsoft to assess if the company has a dominant position in the market.
Read More
Nextcloud users know the importance of integrating different systems and tools to create a seamless workflow. Nextcloud Enterprise allows you to integrate with Microsoft environments for file storage, user directory, Outlook, Sharepoint, Windows Desktop, MS Office online server, and Teams. And now, we are excited to announce a new addition to our lineup: the Nextcloud […]
Read More“Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat […]
Read More
To aid government and business organizations migrating away from Microsoft 365, the Nextcloud Office team is looking for participants for UX studies. In particular, heavy users of Microsoft Office are encouraged to participate and provide their input so the team can identify and address the key blockers for migration. Aim of the study Nextcloud is […]
Read More
