Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-mail-logging domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the health-check domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the ninja-forms domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the updraftplus domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rocket domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114 Introducing the Nextcloud bug bounty program - NextcloudSkip to main content
Today we are happy to announce the Nextcloud bug bounty program. We offer some of the highest bounties in the open source software industry, rewarding responsible disclosure with up to $5,000 for qualifying vulnerabilities!
We have partnered with the HackerOne platform because of its extraordinary popularity among IT security professionals. More than 3,000 hackers have reported over 24,000 bugs via the platform. Running a program on HackerOne allows us to quickly leverage the collective knowledge of a huge amount of these security experts.
“We are thrilled to welcome Nextcloud to the HackerOne community and have the opportunity to again work with Lukas Reschke”, said Marten Mickos, CEO of HackerOne. “Reschke’s experience with open source and running competitive bug bounty programs at scale is sure to benefit Nextcloud security and its customers.”
While we do perform internal research and add pro-active security hardenings all the time (a prominent example being the introduction of same-site cookies) we are always looking for external input as well. Few limitations and exclusions as well as some of the highest rewards in the open source world for responsible disclosure will serve to attract the kind of professional expertise needed to turn this into a success.
We’re confident in our code base and our work and with this project we will bring the Nextcloud security to an even higher level.
Impact
Definition
Maximum possible reward
Critical
Gaining remote code execution on the server as unauthenticated user. (i.e. RCE)
$5,000
High
Gaining access to complete user data of any other user. (i.e. Auth Bypass)
$2,000
Medium
Limited disclosure of user data or attacks granting access to a single users’ user session. (i.e. XSS)
$750
Low
Very limited disclosure of user data or attacks involving a very high unlikely amount of user interaction.
$250
Note that our websites (nextcloud.com and nextcloud.org) are NOT part of the program, only the software you can find on our install page.
“When we have welcoming communities of contributors, open source software gets better and more useful to everyone.” Limor Fried, Electrical Engineer, Inventor and Founder of open-source hardware company Adafruit We believe in this ideal and love to work with our community. We are always looking to involve more people in Nextcloud, bringing in their ideas, […]
When cables are cut, sanctions are put in place or privacy legislation prohibits the use of the service your entire organization depends on, what can you do? Amidst geo-political changes, organizations face dependencies on large, centralized communication platforms. A major example of this is the SaaS-only communication platform Microsoft Teams. It is the only solution […]
The Nextcloud Conference is not your average event - it's a community meetup that brings together Nextcloud enthusiasts, contributors, developers, users and industry experts from all over the world.
Per aiutare le organizzazioni governative e aziendali a migrare da Microsoft 365, il team di Nextcloud Office sta cercando partecipanti per studi UX. In particolare, gli utenti abituali di Microsoft Office sono incoraggiati a partecipare e a fornire il loro contributo, in modo che il team possa identificare e risolvere i principali ostacoli alla migrazione. […]
We save some cookies to count visitors and make the site easier to use. This doesn't leave our server and isn't to track you personally!
See our Privacy Policy for more information. Customize
Statistics cookies collect information anonymously and help us understand how our visitors use our website. We use cloud-hosted Matomo
Matomo
_pk_ses*: Counts the first visit of the user
_pk_id*: Helps not to double count the visits.
mtm_cookie_consent: Remembers that consent for storing and using cookies was given by the user.
_pk_ses*: 30 minutes
_pk_id*: 28 days
mtm_cookie_consent: 30 days