HackerOne offers free bug bounty services to open source projects


HackerOne will offer free bug bounty programmes to open source projects, the site has announced.

Last week, the platform unveiled HackerOne Community Edition – a service that enables the creators of open-source projects to use HackerOne Professional for free.

This will give them vulnerability submission, coordination, dupe detection, analytics and bounty programmes free of charge in an effort to simplify the way they attract and manage reports. The one caveat, according to the site, is that they will not have dedicated customer success support.

In a blog post, HackerOne said that open source projects like Ruby, Rails, Discourse and Django already use its services, which have resolved more than 1,200 open source vulnerabilities.

“Our primary focus at HackerOne is to help make the internet safer,” the site said. “As part of this we know that open source underpins many products and services that we use every day, so we want to ensure that open source projects can get as much support as possible in running simple, efficient and productive security programmes.”

The move was met with praise from the creators behind high-profile open source projects.

“As open source has become an increasing component in how organisations consume technology, the workflow of how people build these projects is critical,” said Jono Bacon, leading community strategist, manager and previous director of community at Canonical, GitHub and XPRIZE.

“I am delighted to see HackerOne provide a key component in this workflow in much the same way code hosting/review, continuous integration, containerisation and other pieces have become staple pieces.”

To qualify for the free service, open source projects must be covered by an OSI license, be at least three months old and include a security policy that details how to submit vulnerabilities.

Projects must also display links to their HackerOne profiles on their websites and respond to new vulnerability reports in less than a week.


Copyright Lyonsdown Limited 2021
