HackerOne offers bug bounty service for free to open-source projects

Open-source projects will get free access to the professional version of the HackerOne platform to run their own security programs

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

"Here at HackerOne, open source runs through our veins," the company's representatives said in a blog post. "Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back."

HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.

The new HackerOne Community Edition will have all of the benefits of the professional service, minus the dedicated customer support. It will include vulnerability submission, coordination, duplicate detection, analytics, and bounty program management.

In order to qualify, open-source projects need to meet a few basic requirements like publishing code under a license recognized and approved by the Open Source Initiative (OSI) or being more than three months old. Projects that apply must also publish a policy for submitting vulnerabilities, must promote the security program, and must respond to new reports in under a week.

HackerOne is already being used by 36 open-source projects, including Ruby, Rails, Discourse, Django, GitLab, Brave, and Sentry. These projects have fixed more than 1,200 vulnerabilities reported through the platform to date.

Some other open-source projects are covered under the Internet Bug Bounty program, which is run by HackerOne and sponsored by Facebook and Microsoft. The program rewards bug hunters for vulnerabilities found in open-source software packages like PHP, Python, Perl, Apache, Nginx, or OpenSSL that are considered critical to the internet infrastructure.

"Our primary focus at HackerOne is to help make the Internet safer," the HackerOne representatives said. "As part of this we know that open source underpins many products and services that we use every day so we want to ensure that open source projects can get as much support as possible in running simple, efficient, and productive security programs."

