HackerOne Enhances IBB Project To Help Open Source Security

HackerOne has expanded the Internet Bug Bounty (IBB) project to improve general open source security.

Open source projects, spearheaded by individuals and development teams around the world, are supported by almost everyone, from enterprise players to SMBs.

A recent survey conducted by the Linux Foundation and edX found that demand for open-source programmers and experts is soaring, but 92% of managers are having difficulty finding the talent needed to fill current vacancies.

A skills shortage, combined with the fact that many open source projects are run by developers who are not compensated for their efforts, can lead to security issues slipping through the net.

The IBB can help solve some of these issues. The IBB is now managed by HackerOne and described as a project to “pool funding and incentivize security researchers to report vulnerabilities within open source software.”

There are three major changes. HackerOne customers can now pool between 1% and 10% of their existing expenditure for the open source project, whose components they may be using on a large scale, and bounties are now divided 80/20 between hackers and maintainers.

The third change is a simplified system for submitting vulnerability reports.

Since its launch in 2013, more than 1,000 vulnerabilities have been reported, with about 300 bug bounty hunters receiving financial awards of approximately $900,000.

Current projects include Ruby, Node.js, Python, Django, and Curl, with more options to be launched soon.

For more information, read the original story in ZDNet.
