Open-source projects will get free access to the professional version of the HackerOne platform to run their own security programs HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.“Here at HackerOne, open source runs through our veins,” the company’s representatives said in a blog post. “Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back.”HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.The new HackerOne Community Edition will have all of the benefits of the professional service, minus the dedicated customer support. It will include vulnerability submission, coordination, duplicate detection, analytics, and bounty program management. In order to qualify, open-source projects need to meet a few basic requirements like publishing code under a license recognized and approved by the Open Source Initiative (OSI) or being more than three months old. Projects that apply must also publish a policy for submitting vulnerabilities, must promote the security program, and must respond to new reports in under a week.HackerOne is already being used by 36 open-source projects, including Ruby, Rails, Discourse, Django, GitLab, Brave, and Sentry. These projects have fixed more than 1,200 vulnerabilities reported through the platform to date. Some other open-source projects are covered under the Internet Bug Bounty program, which is run by HackerOne and sponsored by Facebook and Microsoft. The program rewards bug hunters for vulnerabilities found in open-source software packages like PHP, Python, Perl, Apache, Nginx, or OpenSSL that are considered critical to the internet infrastructure.“Our primary focus at HackerOne is to help make the Internet safer,” the HackerOne representatives said. “As part of this we know that open source underpins many products and services that we use every day so we want to ensure that open source projects can get as much support as possible in running simple, efficient, and productive security programs.”Offer your commenting service on our Facebook page. Related content news Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. By Gagandeep Kaur Dec 01, 2023 4 mins Cyberattacks Government Government news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe