HackerOne Offers Free Service For Open Source Projects
On Thursday, Mar. 3, HackerOne announced the availability of a free version of its bug bounty service. The platform, called HackerOne Community Edition, will give open source projects tools for creating bounty programs to improve software security and for managing vulnerability submissions.
Open Source Projects Get Free Access To HackerOne Platform
Threatpost reported that eligible open source projects will receive a subscription to the HackerOne Professional service for free. The new HackerOne Community Edition will provide all the benefits of the professional service except dedicated customer support. Access to the service includes a deduplication service, vulnerability submission coordination, analytics and bounty programs for projects. However, the company will still charge its usual 20 percent payment processing fee on all cash bounties paid.
HackerOne's approach and product are inspired by and built on a culture of collaborative software development and open source. This program is the first of its kind. When it comes to running efficient, simple and productive security programs, the company aims to ensure that open-source projects receive as much support as possible.
HackerOne Company's History
HackerOne was founded in 2012 and since then has been connecting businesses with security researchers in order to help find software vulnerabilities. Many companies have been using its platform for public and private bounties, including Kaspersky Lab, Adobe, Nintendo, Microsoft, Twitter, and Facebook. On Thursday, Rockstar Games became the latest company to announce a public bounty.
HackerOne said that it was compelled to offer the HackerOne Professional subscription for free because it recognizes that open source underpins many products and services. According to the company, currently, 36 open source projects use its platform. Over 1,200 vulnerabilities have been resolved in projects, including GitLab, Discourse, Ruby, Rails, Django, Sentry and Brave.
Eligibility Condition For Open Source Initiative License
According to Computerworld, open-source projects must be more than three months old, active and covered by an Open Source Initiative (OSI) license in order to qualify for the Community Edition service. Projects that apply must also promote the security program, publish a policy for submitting vulnerabilities and respond to new reports in under a week. Some other open-source projects that do not qualify for the Community Edition are covered under the Internet Bug Bounty program run by HackerOne and sponsored by Microsoft and Facebook.