HackerOne considers our bug bounty program (announced at the ownCloud Contributor Conference last year) a very successful example of how to bring security to a new level by crowd sourcing expertise on their platform. They published a case study last week describing the what and how behind the ownCloud Hackerone program.
A short teaser:
« They even received customer penetration test results, but were concerned when some of those pentests failed to find any vulnerabilities. Knowing that all software contains vulnerabilities, ownCloud wanted more and higher-quality vulnerability reports than existing contributors and penetration testing were providing. »
Read the full case study to find out how hundreds of experts participated in making ownCloud the most secure cloud sync and share solutions in its class.
We’ve also released the results of the static security scan we’re running over ownCloud each release. Read our blog on .com about this to learn what a Static Source Code Analyzer is and what results it gives for ownCloud.