Dropbox has some genuinely great security reporting guidelines, but reserves the right to jail you if you disagree

Dropbox has published a set of guidelines for how companies can "encourage, support, and celebrate independent open security research" -- and they're actually pretty great, a set of reasonable commitments to take bug reports seriously and interact respectfully with researchers. (more…)