Program Scope Updates
11/24/2025, 9:14:33 PM

Dropbox's Bug Bounty Program is designed to identify and remediate security issues that could meaningfully affect our customers and the confidentiality, integrity, or availability of their data. While we welcome all thoughtful reports, including those that highlight business impact or unexpected product behaviors, our primary mission is to address vulnerabilities with real security implications.

Reports that fall into the category of business logic or revenue-impact issues—such as misuse of coupons, discounts, or non-security functionality of paid services—are valuable and appreciated. These issues, however, do not constitute security vulnerabilities. At our discretion, they may receive a low-severity bounty if we choose to implement a fix, or may be closed as informational if no remediation is planned.

We encourage you to continue sharing anything that appears unusual or potentially impactful. Every submission helps us improve the security and reliability of Dropbox, and we are grateful for your partnership and ongoing contributions to our program.

Welcome to the Dropbox Bug Bounty Program!
7/31/2025, 8:00:38 PM

We’re thrilled to welcome you to the Dropbox Bug Bounty Program, where your curiosity, cleverness, and insights are not only welcomed, but celebrated. Whether you’re here to fuzz some endpoints, audit our auth flows, or just vibe with some recon, we’re genuinely excited to have you digging around in our digital environment.

At Dropbox, we believe in building trust through transparency and partnership. That means we see you not as adversaries, but as collaborators and an extended part of our security team, helping us make Dropbox safer for millions around the world.

Our scope is broad and our team is responsive. There’s plenty of interesting surface to explore and we’re here, ready for the thoughtful reports, the sharp PoCs, and the occasional meme-worthy bug title.

So fire up your proxy of choice, and let us know what you find. If you're unsure about something, just drop us a note — we’re real humans behind these endpoints.

Thanks again for joining us. Let the hunt begin!

— The Dropbox Security Team

P.S. Bonus points for well-formatted and humorous reports. We see you.