Open source is in fashion, and so is its security. In this context, TikTok, GitHub and Facebook are joining forces to sponsor a second bug bounty program managed by HackerOne.
As open source software attracts more and more companies, those companies want to make sure that the code they rely on does not carry existing vulnerabilities. The HackerOne platform, which first launched an “Internet Bug Bounty” (IBB) program in 2013, is now welcoming an increasing number of well-known sponsors, such as TikTok, Elastic, Facebook, Figma, GitHub, and even Shopify. The objective: to encourage hackers to identify and report vulnerabilities in the main projects of the open source ecosystem. Since its launch, the program has found 1,000 bugs and paid out $900,000 to around 300 hackers.
Today, the sponsors have decided to launch another IBB program in order to “enable companies benefiting from open source to play an active role in the collective construction of a more secure digital infrastructure”, says Alex Rice, CTO and co-founder of HackerOne, in the announcement. The new program allows HackerOne customers to pool between 1% and 10% of the budgets they allocate to their own bug bounty programs into the IBB.
Towards a simplification of the reporting process
It will also employ volunteer “maintainers” who patch the vulnerabilities; these will receive 20% of the bounty, the company said. “This is often a thankless effort by overworked and underfunded volunteers who work tirelessly to keep OSS projects going. We believe it is necessary to support their tandem efforts to strengthen the community,” said HackerOne. The remaining 80% will be paid to the hackers who discover the flaws. The company is also committed to improving the vulnerability reporting process for open source bug hunters and will meet weekly to award rewards to all eligible submissions. Through this sponsorship, companies like TikTok or Facebook intend to reaffirm their brand image and regain the trust of users on security-related issues.