HackerOne expands Internet Bug Bounty project to tackle open source bugs
HackerOne will be expanding its Internet Bug Bounty program, seeking to improve overall open-source security. Open-source projects are relied upon by enterprise players and SMBs alike, and they can represent significant security risks because open-source components are stored and shared publicly. They range from full operating systems to education tools, server software, libraries, and more. The Linux Foundation recently found that there was a high demand for open-source programmers and experts; however, 92% of managers surveyed were facing challenges filling open-source programming positions.
Due to this talent shortage and the public nature of open-source components, HackerOne decided to expand the bounty program to cover open-source bugs as well. The shortage and lack of oversight create a situation where security issues can slip through. GitHub research suggested that, on average, it takes up to four years to discover open-source vulnerabilities, and that the majority of them are caused by mistakes and human error. HackerOne hopes that the expanded program will be able to identify and fix vulnerabilities found in open-source components.