HackerOne Enhances IBB Project To Help Open Source Security

Share post:

HackerOne has expanded the Internet Bug Bounty (IBB) project to improve general open source security.

Open source projects, spearheaded by individuals and development teams around the world, are supported by almost everyone, from enterprise players to SMBs.

A recent survey conducted by the Linux Foundation and edX found that demand for open-source programmers and experts is soaring, but 92% of managers are having difficulty finding the talent needed to fill current vacancies.

Combined with a skills shortage and the fact that many open source projects are run by developers who are not compensated for their efforts, this can lead to security issues slipping through the net.

The IBB can help solve some of these issues. The IBB is now managed by HackerOne and described as a project that “pool funding and incentivize security researchers to report vulnerabilities within open source software.”

There are three major changes: HackerOne customers can now pool between 1% and 10% of their existing expenditure on the open-source project – of which they may be using components on a large scale – and bounties are now divided 80/20 among hackers and maintainers.

The third amendment is a simplified system for submitting vulnerability reports.

Since its launch in 2013, more than 1,000 vulnerabilities have been reported, with about 300 bug bounty hunters receiving financial awards of approximately $900,000.

Current projects include Ruby, Node.js, Python, Django, and Curl, with more options to be launched soon.

For more information, read the original story in ZDNet.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Polar: A new way of funding open source projects

A company called Polar is introducing a new idea in open-source funding, aiming to allow open source developers...

Hashtag Trending Jan.19-Impact of AI on employment headlines at Davos; New study shows how much data is shared with Facebook; Starlink announces pricey Gigabit...

Where does Open Source fit into the global AI picture? Davos is abuzz with concerns about AI. A new study shows just how much data is shared with Facebook, Starlink announces Gigabit internet but it comes with a steep price, and your smart headphones might be raising eyebrows – literally.   All this and more

Open-source code fuels rise in supply chain cyberattacks

Recent research highlights a concerning trend in cybersecurity: the increasing use of open-source code and legitimate hacking tools...

Hashtag Trending Oct.31-White House issues orders to regulate AI; Can open source help combat the monopolization of AI by giants? A new version of...

The U.S. President issues executive orders to regulate AI, while some are asking if Open source can keep AI from being dominated by a few giants. Remote work isn’t going away without a fight.  Linus Torvald says he’s “run out of excuses” and releases a new version of the Linux core.   These and more

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways