HackerOne started an internet Bug Bounty program with the goal of “Rewarding friendly hackers who contribute to a more secure internet.”[1] The Bounty is sponsored by two industry leaders, Facebook and Microsoft, that are constantly looking to improve user experience. It has also been rumored that Google is co-sponsoring the project.[2]
The program identifies vulnerabilities that have a heightened potential to adversely affect a large number of internet users. After these deficiencies are identified, they are brought to the respective program owner and addressed.
The list of 11 open source projects includes: Python, Ruby, PHP and Perl interpreters; the Django, Ruby on Rails and Phabricator development tools and frameworks; the Apache and Nginx Web servers, and the application sandbox mechanisms of Google Chrome, Internet Explorer 10, Adobe Reader and Flash Player.
“The highlighted open source projects were chosen according to how ‘critical’ the projects were to users,” Alex Rice, a product security lead at Facebook, told SC Magazine.[3]
HackerOne’s reasoning for starting the program: “Some of the most critical vulnerabilities in the internet’s history have been resolved thanks to efforts of researchers fueled entirely by curiosity and altruism.”[4]
The concept of the program is great, and seeing major companies back this project will only help improve the future of the Bug Bounty moving forward. Who knows? Programs like this could even turn around some of the stereotypes that currently surround hackers.