Security researcher Kevin Finisterre recently found a security flaw that allowed him to access personal data from DJI’s customers on servers from the Chinese drone manufacturer. Finisterre used DJI’s recently launched Bug Bounty program to report his findings. This resulted in many emails being sent back and forth between the researcher and the drone company’s legal department about the scope of DJI’s Bug Bounty program and other legalities. In the end, Finisterre felt threatened and concluded he could not sign DJI’s document. He then decided to not only forgo the 30,000 top reward but also to go public with his story in an 18-page PDF titled: “Why I walked away from $30,000 of DJI bounty money.

expand full story