Announcing the Public Launch of DigitalOcean’s Paid Bug Bounty Program
Today we are excited to launch DigitalOcean’s paid public bug bounty program, the next step in DigitalOcean’s long history of working with security researchers to identify security bugs on our platform. At DigitalOcean, we believe bug bounties are an indispensable tool for improving our security posture, and look forward to continued collaboration with security researchers in the future.
A responsible disclosure program is an important facet of a modern company’s security program. These programs provide a safe, structured method for security researchers to report potential issues to a company’s security team without fear of reprisal or legal action, as long as the research follows the company’s safe harbor guidelines. While it’s best to reward researchers for their time, an unpaid program is still a great way to interact with your security-conscious customers and improve your product, as it provides researchers safety in knowing they will not be prosecuted for good faith reports. While there are exceptions, there are typically two types of bug bounty programs: unpaid “vulnerability disclosure programs,” and paid “bug bounty programs.”