HackerOne Enhances IBB Project To Help Open Source Security

HackerOne has expanded the Internet Bug Bounty (IBB) project to improve general open source security.

Open source projects, spearheaded by individuals and development teams around the world, are supported by almost everyone, from enterprise players to SMBs.

A recent survey conducted by the Linux Foundation and edX found that demand for open-source programmers and experts is soaring, but 92% of managers are having difficulty finding the talent needed to fill current vacancies.

This skills shortage, combined with the fact that many open source projects are run by developers who are not compensated for their efforts, can lead to security issues slipping through the net.

The IBB can help solve some of these issues. It is now managed by HackerOne and described as a project to “pool funding and incentivize security researchers to report vulnerabilities within open source software.”

There are three major changes. First, HackerOne customers can now pool between 1% and 10% of their existing expenditure on the open-source project, of which they may be using components on a large scale. Second, bounties are now divided 80/20 between hackers and maintainers.

The third amendment is a simplified system for submitting vulnerability reports.

Since its launch in 2013, more than 1,000 vulnerabilities have been reported, with about 300 bug bounty hunters receiving financial awards of approximately $900,000.

Current projects include Ruby, Node.js, Python, Django, and Curl, with more options to be launched soon.

For more information, read the original story in ZDNet.
