To improve general open-source security, HackerOne has extended its Internet Bug Bounty program.
Open-source components are published and shared freely. They range from entire operating systems to libraries, educational tools, and server software. Everyone from large enterprises to SMBs relies on open-source projects, which are maintained by individuals and groups of developers all around the world.
But security problems can occasionally slip through the cracks, because resources are scarce and many open-source projects are maintained by unpaid developers. According to 2020 GitHub research, open-source vulnerabilities can take up to four years on average to be found, with human error accounting for 83 percent of them.
As a result, the code repository stated that the open-source community had “clear opportunities to improve vulnerability detection.” However, it’s not only about detection; vulnerability fixes must also be designed and implemented securely.
The Internet Bug Bounty (IBB) initiative is designed to help with this. IBB is a project managed by HackerOne that pools funds and rewards security researchers for identifying vulnerabilities in open-source software.
Among the changes, clients of HackerOne will now be able to donate between 1% and 10% of their existing spending to the open-source initiative. Another change is the streamlined process for the submission of vulnerability reports.
Since the program’s inception in 2013, over 1,000 vulnerabilities have been disclosed, with almost 300 bug bounty hunters receiving a total of $900,000.
Projects now in scope include Ruby, Node.js, Python, Django, and Curl, with additional options to be introduced in the future.
Recent attacks on software supply chains have highlighted the need to safeguard organizational blind spots. Furthermore, open-source software is becoming a more significant part of the world’s critical supply chain, and with it a larger source of potential vulnerabilities.
The new IBB allows open-source beneficiaries to take a more active role in collaboratively developing a safer digital infrastructure for everyone.