Last Thursday, HackerOne announced the availability of a free version of its bug bounty platform, HackerOne Community Edition, which gives open source projects tools for managing their vulnerability submissions and for creating bounty programs to further improve the security of their software.
According to the company, all eligible open source projects will receive the HackerOne Professional subscription service for free. This provides them with vulnerability submission coordination, a deduplication service, and bounty programs for their projects. HackerOne said it will still charge its usual 20 percent payment processing fee on all cash bounties paid to bug bounty hunters.
HackerOne CEO Marten Mickos told Threatpost in an emailed statement that the program was the first of its kind. He said HackerOne aims to ensure that open source projects receive great support when it comes to running simple, productive and efficient security programs.
“Our company, product, and approach are inspired by, built on, and driven by open source and a culture of collaborative software development,” says HackerOne. “We want to give something back.”
HackerOne has been connecting businesses with security researchers to help them find software vulnerabilities since it was founded in 2012. It has been a popular platform for companies running both public and private bounties, including Kaspersky Lab, Microsoft, Twitter, Adobe, and Facebook. On Thursday, Rockstar Games became the latest company to announce a public bounty program.
HackerOne said it recognises that open source underpins many products and services, and that this compelled it to offer the HackerOne Professional subscription for free. The company said 36 open source projects currently use its platform, and more than 1,200 vulnerabilities have been resolved in projects including Ruby, Rails, Discourse, Django, GitLab, Brave, and Sentry.