HackerOne offers free bug bounty services to open source projects

HackerOne will offer free bug bounty programmes to open source projects, the site has announced.

Last week, the platform unveiled HackerOne Community Edition – a service that enables the creators of open-source projects to use HackerOne Professional for free.

This will give them vulnerability submission, coordination, duplicate detection, analytics and bounty programmes free of charge, in an effort to simplify the way they attract and manage reports. The one caveat, according to the company, is that they will not have dedicated customer success support.

In a blog post, HackerOne said that open source projects like Ruby, Rails, Discourse and Django already use its services, which have resolved more than 1,200 open source vulnerabilities.

“Our primary focus at HackerOne is to help make the internet safer,” the site said. “As part of this we know that open source underpins many products and services that we use every day, so we want to ensure that open source projects can get as much support as possible in running simple, efficient and productive security programmes.”

The move was met with praise from the creators behind high-profile open source projects.

“As open source has become an increasing component in how organisations consume technology, the workflow of how people build these projects is critical,” said Jono Bacon, leading community strategist, manager and previous director of community at Canonical, GitHub and XPRIZE.

“I am delighted to see HackerOne provide a key component in this workflow in much the same way code hosting/review, continuous integration, containerisation and other pieces have become staple pieces.”

To qualify for the free service, open source projects must be covered by an OSI-approved licence, be at least three months old and include a security policy that details how to submit vulnerabilities.

Projects must also display links to their HackerOne profiles on their websites and respond to new vulnerability reports in less than a week.

Photo copyright SIphotography under licence from Thinkstockphotos.co.uk

Copyright Lyonsdown Limited 2021
