On Thursday, Mar. 3, HackerOne announced the availability of a free version of its bug bounty service. The platform, called HackerOne Community Edition, will give open source projects tools for creating bounty programs to improve software security and for managing vulnerability submissions.
Open Source Projects Get Free Access To HackerOne Platform
Threatpost reported that eligible open source projects will receive a subscription to the HackerOne Professional service for free. The new HackerOne Community Edition will provide all the benefits of the professional service except dedicated customer support. Access to the service includes a deduplication service, vulnerability submission coordination, analytics and bounty programs for projects. However, the company will still charge its usual 20 percent payment processing fee on all cash bounties paid.
HackerOne's approach and product are inspired by and built on a culture of collaborative software development and open source. This program is the first of its kind. When it comes to running efficient, simple and productive security programs, the company aims to ensure that open-source projects receive as much support as possible.
HackerOne Company's History
HackerOne was founded in 2012 and has since been connecting businesses with security researchers to help find software vulnerabilities. Many companies have used its platform for public and private bounties, including Kaspersky Lab, Adobe, Nintendo, Microsoft, Twitter, and Facebook. On Thursday, Rockstar Games became the latest company to announce a public bounty.
HackerOne said that it was compelled to offer the HackerOne Professional subscription for free because it recognizes that open source underpins many products and services. According to the company, 36 open source projects currently use its platform. Over 1,200 vulnerabilities have been resolved in projects including GitLab, Discourse, Ruby, Rails, Django, Sentry and Brave.
Eligibility Condition For Open Source Initiative License
According to Computerworld, open-source projects must be more than three months old, active and covered by an Open Source Initiative (OSI) license in order to qualify for the Community Edition service. Projects that apply must also promote the security program, publish a policy for submitting vulnerabilities and respond to new reports in under a week. Some other open-source projects that do not qualify for the Community Edition are covered under the Internet Bug Bounty program run by HackerOne and sponsored by Microsoft and Facebook.