DJI will pay you $100 to $30,000 for reporting software issues

[msinger]

"DJI, the world’s leader in civilian drones and aerial imaging technology, is establishing a “bug bounty” program to reward people who discover security issues with DJI software. The DJI Threat Identification Reward Program is part of an expanded commitment to work with researchers and others to responsibly discover, disclose and remediate issues that could affect the security of DJI’s software."

"Rewards for qualifying bugs will range from $100 to $30,000, depending on the potential impact of the threat. DJI is developing a website with full program terms and a standardized form for reporting potential threats related to DJI’s servers, apps or hardware. Starting today, bug reports can be sent to [email protected] for review by technical experts."

See more details on DJI's website here.

 

[dirkclod]

 

[Kilrah]

They really have a hard time understanding who they're talking to.

 

[TheLightSpeed!]

Everyone SHHHHH!

 

[dirkclod]

 

[Samson 811970]

View attachment 20775

Woo hoo!! We're gonna be rich! Hear that Android users?

 

[JeepDSL]

It will be interesting to see what kinds of issues they consider to be "bugs."

 

[Bunny Too]

That is folding money.

 

[MavicKhan]

Great move by DJI.

This is a slap in the face for all those who love to come up with conspiracy theories about "nefarious software payloads".

Nothing like putting a manufacturers money were scaremongers mouths are.

Let's see how many come around proving what they claim, while pocketing the reward.

 

[Kilrah]

It's likely you won't find many, for most of those who have the qualifications and have made the discoveries that have happened so far these amounts are laughable in comparison to the business opportunities they have exploiting them.

 

[HKFEVER]

"The DJI Threat Identification Reward Program aims to gather insights from researchers and others who discover issues that may create threats to the integrity of our users’ private data, such as their personal information or details of the photos, videos and flight logs they create. The program is also seeking issues that may cause app crashes or affect flight safety, such as DJI’s geofencing restrictions, flight altitude limits and power warnings."

LOL, those are not bugs, those are written by DJI deliberately.

"Rewards for qualifying bugs will range from $100 to $30,000, depending on the potential impact of the threat."

The followings are they really want to do:
"The DJI Threat Identification Reward Program is part of a renewed focus on addressing concerns about DJI product security, including new efforts to partner with security researchers and academics who have a common goal of trying to improve the security and stability of DJI products. DJI is also implementing a new multi-step internal approval process to review and evaluate new app software before it is released to ensure its security, reliability and stability."

 

[wayy510]

You think they'll pay anyone when they get to decide the "potential impact of the threats."

Good luck DJI. Apple thought they could stop their iOS attacks too and are far more powerful. But alas, it's been atleast 10 continuous years of jailbreaking.

Restrict more and someone will always be there to work around it.

 

[Budge]

Good luck! No one will ever see a dime from DJI! They don't even honor their own sales promotions. I wouldn't waste my time.

 

[RavenTBK]

So this means we should be seeing source code soon, right?

 

[Hybrid]

So this means we should be seeing source code soon, right?

I don't think they would release source for this. It's common for companies to have bounty programs without letting you thumb through their source code.