HackerOne offers free bug bounty services to open source projects

HackerOne will offer free bug bounty programmes to open source projects, the site has announced.

Last week, the platform unveiled HackerOne Community Edition – a service that enables the creators of open-source projects to use HackerOne Professional for free.

This will give them vulnerability submission, coordination, dupe detection, analytics and bounty programmes free of charge in an effort to simplify the way they attract and manage reports. The one caveat, according to the site, is that they will not have dedicated customer success support.

In a blog post, HackerOne said that open source projects like Ruby, Rails, Discourse and Django already use its services, which have resolved more than 1,200 open source vulnerabilities.

“Our primary focus at HackerOne is to help make the internet safer,” the site said. “As part of this we know that open source underpins many products and services that we use every day, so we want to ensure that open source projects can get as much support as possible in running simple, efficient and productive security programmes.”

The move was met with praise from the creators behind high-profile open source projects.

“As open source has become an increasing component in how organisations consume technology, the workflow of how people build these projects is critical,” said Jono Bacon, leading community strategist, manager and previous director of community at Canonical, GitHub and XPRIZE.

“I am delighted to see HackerOne provide a key component in this workflow in much the same way code hosting/review, continuous integration, containerisation and other pieces have become staple pieces.”

To qualify for the free service, open source projects must be covered by an OSI license, be at least three months old and include a security policy that details how to submit vulnerabilities.

Projects must also display links to their HackerOne profiles on their websites and respond to new vulnerability reports in less than a week.



Copyright Lyonsdown Limited 2020
