A leading drone maker is offering money to individuals who find security flaws in the software of its products.
DJI, a Chinese manufacturer, said Monday that it is launching a “bug bounty” program offering researchers as much as $30,000 for spotting cyber vulnerabilities in its drones. The announcement comes weeks after it was revealed that the U.S. Army barred the use of DJI drones over cybersecurity concerns.
DJI described its new program as part of the company’s “renewed focus” on addressing concerns about product security. The company said Monday that those who identify bugs through its Threat Identification Reward Program will be given rewards ranging from $100 to $30,000, depending on the severity of the vulnerability.
“Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products and bringing concerns to public attention,” Walter Stockwell, the company’s director of technical standards, said in a statement.
“DJI wants to learn from their experiences as we constantly strive to improve our products, and we are willing to pay rewards for the discoveries they make,” Stockwell said.
Earlier this month, sUAS News obtained a Department of the Army memo stating that the service is halting use of DJI products “due to increased awareness of cyber vulnerabilities.”
The memo, dated Aug. 2, 2017, cites a classified report by the Army Research Laboratory as well as a memo from the Navy.
DJI, which claims to be the global leader in civilian drones and aerial imaging technology, was estimated last year to command a 70 percent share of the global drone market.
DJI is known for its Phantom and Mavic Pro drones, as well as the newly launched Spark mini drone.
Bug bounty programs are not uncommon; businesses and governmental organizations — including Apple and the Pentagon — have increasingly used them to identify security vulnerabilities in software.
In addition to the bug bounty program, DJI is also partnering with security researchers and academics to improve its product security and implementing a new internal process to review and approve new software before it is released.