DJI Launches ‘Bug Bounty Program’ to Incentivize Researchers

The Shenzhen-based drone company is offering researchers cash to find flaws in DJI's software.
www.thedrive.com

DJI seems to be working tirelessly to assuage any and all privacy, security and quality concerns about its drone software. According to Monday’s press release, the Chinese drone manufacturer has launched a “bug bounty program for external researchers to better aid our efforts to improve our products.” Essentially, DJI is outsourcing quality assurance work in order to more rapidly and efficiently locate any flaws in its products. This seemingly desperate move may look unnecessary to those unaware of DJI’s history. But with proper context, it’s clear the company is determined to eliminate all potential threats as quickly as possible.

Most recently, DJI officially announced an offline mode for its unmanned aerial vehicles (UAVs) – a decision which came on the heels of the Pentagon banning all DJI-related equipment from U.S. military use, due to cyber-vulnerability concerns. The Shenzhen-based company was allegedly caught off guard by the Pentagon’s fears and security-based decision making, with little time to properly react. A few weeks later, DJI officially announced an offline-mode option for its drones – an obvious response to the military ban. This ‘local data mode’ was apparently something DJI had been working on before the Pentagon made its decision, but it certainly seemed that the announcement and release date were affected by DJI’s need to publicly respond to this controversy.

According to Fortune, the “Threat Identification Reward Program” will offer researchers anywhere between $100 and $30,000 to locate and log bugs. The financial reward will be determined by how impactful the identification of a particular bug is. In other words, small bug, small reward. Potentially company-saving flaw identified? Prepare to be paid in the thousands. 

William Stockwell, DJI’s technical standards director, claims that “Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products and bringing concerns to public attention. DJI wants to learn from their experiences as we constantly strive to improve our products, and we are willing to pay rewards for the discoveries they make.” 

Finally, Stockwell assured everyone that DJI wants “to engage with the research community and respond to their reasonable concerns with a common goal of cooperation and improvement.” Stay tuned for more news on DJI and their continuing battles in this public-relations landscape they’re stuck traipsing around in.