At Dropbox, the security of our products and the trust of our users are top priorities. We value the contributions of the security community and welcome responsible disclosures of vulnerabilities that help keep our ecosystem safe.

This Vulnerability Disclosure Program (VDP) provides security researchers with clear guidelines for reporting potential vulnerabilities in a way that protects users and enables us to address issues efficiently. While this is a non-monetary program and does not offer bounties, we deeply appreciate your efforts.

Before submitting, please review the program scope, rules of engagement, and submission guidelines to ensure your report aligns with our expectations.

Thank you for helping us build a safer Dropbox.