HackerOne offers bug bounty service for free to open-source projects
Security

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

"Here at HackerOne, open source runs through our veins," the company's representatives said in a blog post. "Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back."

HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.

The new HackerOne Community Edition will have all of the benefits of the professional service, minus the dedicated customer support. It will include vulnerability submission, coordination, duplicate detection, analytics, and bounty program management.

In order to qualify, open-source projects need to meet a few basic requirements like publishing code under a license recognized and approved by the Open Source Initiative (OSI) or being more than three months old. Projects that apply must also publish a policy for submitting vulnerabilities, must promote the security program, and must respond to new reports in under a week.

HackerOne is already being used by 36 open-source projects, including Ruby, Rails, Discourse, Django, GitLab, Brave, and Sentry. These projects have fixed more than 1,200 vulnerabilities reported through the platform to date.

Some other open-source projects are covered under the Internet Bug Bounty program, which is run by HackerOne and sponsored by Facebook and Microsoft. The program rewards bug hunters for vulnerabilities found in open-source software packages like PHP, Python, Perl, Apache, Nginx, or OpenSSL that are considered critical to the internet infrastructure.

"Our primary focus at HackerOne is to help make the Internet safer," the HackerOne representatives said. "As part of this we know that open source underpins many products and services that we use every day so we want to ensure that open source projects can get as much support as possible in running simple, efficient, and productive security programs."

IDG Insider

PREVIOUS ARTICLE

«JSON's Crockford envisions a post-JavaScript world

NEXT ARTICLE

Beyond lithium-ion: Researchers reveal a safer, longer-lasting, solid-state battery alternative»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Will Kotlin overtake Java as the most popular Android programming language in 2018?