Security statement

system · November 29, 2023, 1:18pm

Originally published at: Security statement on ownCloud breach - Nextcloud

We are receiving information requests from customers and users worried about the severe security breaches. These occurred in ownCloud (recently aqcuired by US file sync and share vendor Kiteworks) as reported on by Arstechnica and others.

We want to make clear that these absolutely do not affect Nextcloud. Nextcloud has a strict security process backed by a USD 10K bug bounty program. We, for example, have a policy to remove test data from libraries that are shipped, to avoid risks like these.

Nextcloud has diverged significantly over the last years from ownCloud, accelerating our development. There are serious risks associated with using legacy, minimally-maintained software and we would want to point out to users and customers that migration to Nextcloud is quick, easy, painless, and helps keep their data private.

See here the ArsTechnica article in question.

disgustipated · November 29, 2023, 2:56pm

This one might be good to pin, there have already been a couple posts asking about it

jospoortvliet · November 29, 2023, 11:22pm

I’d like to point out that a Bug Bounty Program, if well maintained, can be super helpful if you want to keep software secure… Here’s the stats of our HackerOne bug bounty program. See HackerOne

system · November 30, 2023, 11:23pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.