DJI, the drone maker hit with recent security concerns after a US military memo came to light, has announced a new bug bounty program that asks individuals to report any security issues they may find with DJI’s software. The program offers to reward those who find and turn in bugs; assuming the discovered issue qualifies, the person who finds it could get between $10,000 and $30,000. The company is calling this the DJI Threat Identification Reward Program.
In a statement today, DJI Director of Technical Standard Walter Stockwell said:
Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products and bringing concerns to public attention. DJI wants to learn from their experiences as we constantly strive to improve our products, and we are willing to pay rewards for the discoveries they make.
DJI is interested in potential security vulnerabilities in particular, saying they could concern things like flight logs, video or photos taken by the drones, or even personal details about the drone’s owner and/or operator. The bug bounty program isn’t limited to just security concerns, though, also accepting alerts from researchers and others about problems with the app or anything that concerns flight safety.
The bug bounty is live now, but DJI says it is still working on setting up a related website and that such a site will contain all of the program’s terms and a reporting form. In the meantime, anyone who finds a bug should email it to firstname.lastname@example.org for review. This follows a report from earlier this month claiming that the US Army is no longer allowed to use drones due to security issues discovered with their software.