Menu
HackerOne offers bug bounty service for free to open-source projects

HackerOne offers bug bounty service for free to open-source projects

Open-source projects will get free access to the professional version of the HackerOne platform to run their own security programs

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

"Here at HackerOne, open source runs through our veins," the company's representatives said in a blog post. "Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back."

HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.

The new HackerOne Community Edition will have all of the benefits of the professional service, minus the dedicated customer support. It will include vulnerability submission, coordination, duplicate detection, analytics, and bounty program management.

In order to qualify, open-source projects need to meet a few basic requirements like publishing code under a license recognized and approved by the Open Source Initiative (OSI) or being more than three months old. Projects that apply must also publish a policy for submitting vulnerabilities, must promote the security program, and must respond to new reports in under a week.

HackerOne is already being used by 36 open-source projects, including Ruby, Rails, Discourse, Django, GitLab, Brave, and Sentry. These projects have fixed more than 1,200 vulnerabilities reported through the platform to date.

Some other open-source projects are covered under the Internet Bug Bounty program, which is run by HackerOne and sponsored by Facebook and Microsoft. The program rewards bug hunters for vulnerabilities found in open-source software packages like PHP, Python, Perl, Apache, Nginx, or OpenSSL that are considered critical to the internet infrastructure.

"Our primary focus at HackerOne is to help make the Internet safer," the HackerOne representatives said. "As part of this we know that open source underpins many products and services that we use every day so we want to ensure that open source projects can get as much support as possible in running simple, efficient, and productive security programs."

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments