HackerOne announced on Thursday the availability of a free version of its bug bounty platform called HackerOne Community Edition that will give open source projects tools for managing vulnerability submissions and creating bounty programs to improve software security.
Eligible open source projects will receive the HackerOne Professional subscription service for free, according to the company. This will provide vulnerability submission coordination, a deduplication service, analytics and bounty programs for projects. HackerOne said it will still charge its usual 20 percent payment processing fee on all cash bounties paid.
HackerOne CEO Marten Mickos told Threatpost via an email statement that the program was the first of its kind. He said HackerOne’s aim is to ensure that open-source projects receive as much support as possible when it comes to running simple, efficient and productive security programs.
“Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development,” according to HackerOne. “We want to give something back.”
HackerOne has been connecting businesses with security researchers to help find software vulnerabilities since it was founded in 2012. The platform has been used by many companies for public and private bounties, including Adobe, Kaspersky Lab, Twitter, Microsoft, and Facebook. On Thursday, Rockstar Games became the latest company to announce a public bounty.
HackerOne said it recognizes that open source underpins many products and services and said it was compelled to offer the HackerOne Professional subscription for free. The company said currently 36 open source projects use its platform and more than 1,200 vulnerabilities have been resolved in projects, including Ruby, Rails, Discourse, Django, GitLab, Brave, and Sentry.
To qualify for the Community Edition service, open-source projects must be more than three months old, active, and covered by an Open Source Initiative (OSI) license that allows the software to be freely used, modified and shared.