A software vulnerability disclosure program recently launched by popular drone maker DJI has turned into a messy public relations battle pitting several security researchers against the growing Chinese technology firm. After DJI recently launched a bug bounty program, two researchers — Sean Malia and Kevin Finisterre — publicly disclosed vulnerabilities in DJI products. The revelations resulted in the company challenging each researcher’s findings and seemingly threatening one with a lawsuit tied to the Computer Fraud and Abuse Act. For researchers who have been poking and prodding DJI’s digital properties and products for about three months, Malia and Finisterre stories strike a familiar tone. Several researchers who approached DJI with information about evident vulnerabilities say the outcome has been less than satisfactory. DJI disputes aspects of some of these accounts, but experts say the firm has gone too far. “Many companies mistake a bug bounty program for a penetration test, in which the […]
The post How DJI fumbled its bug bounty program and created a PR nightmare appeared first on Cyberscoop.
Continue reading How DJI fumbled its bug bounty program and created a PR nightmare→