HackerOne offers bug bounty service for free to open-source projects

Open-source projects will get free access to the professional version of the HackerOne platform to run their own security programs

By Lucian Constantin, Romania Correspondent, IDG News Service

Open-source projects can run bug bounty programs on HackerOne for free.
Credit: Pexels

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

"Here at HackerOne, open source runs through our veins," the company's representatives said in a blog post. "Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back."

HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.

The new HackerOne Community Edition will have all of the benefits of the professional service, minus the dedicated customer support. It will include vulnerability submission, coordination, duplicate detection, analytics, and bounty program management.

To qualify, open-source projects need to meet a few basic requirements, such as publishing their code under a license approved by the Open Source Initiative (OSI) and being more than three months old. Projects that apply must also publish a policy for submitting vulnerabilities, must promote the security program, and must respond to new reports in under a week.

HackerOne is already being used by 36 open-source projects, including Ruby, Rails, Discourse, Django, GitLab, Brave, and Sentry. These projects have fixed more than 1,200 vulnerabilities reported through the platform to date.

Some other open-source projects are covered under the Internet Bug Bounty program, which is run by HackerOne and sponsored by Facebook and Microsoft. That program rewards bug hunters for vulnerabilities found in open-source software packages considered critical to internet infrastructure, such as PHP, Python, Perl, Apache, Nginx, and OpenSSL.

"Our primary focus at HackerOne is to help make the Internet safer," the HackerOne representatives said. "As part of this we know that open source underpins many products and services that we use every day so we want to ensure that open source projects can get as much support as possible in running simple, efficient, and productive security programs."

Lucian Constantin is an IDG News Service correspondent. He writes about information security, privacy, and data protection.