HackerOne, a platform that hosts bug bounty programs, announced today that open-source projects can now sign up for a free bug bounty program if they meet a few simple conditions.
The new offering, named HackerOne Community Edition, is identical to HackerOne Professional Edition, the commercial service the company offers to some of the world's largest organizations, such as Twitter, Dropbox, Adobe, Yahoo, Uber, GitHub, Snapchat, and many others.
The only difference is that open source projects will not receive dedicated customer success support, which remains a feature available only to paying customers.
The conditions that an open source project has to meet before applying for a HackerOne Community Edition account include:
As you can see, there's no limit or criteria regarding the project's popularity, meaning anyone can join, from jQuery plugins to complex CRMs and e-commerce platforms.
HackerOne launched the program today. Some open source projects already joined HackerOne even before today's announcement, such as Django, Discourse, Ruby, Ruby on Rails, Brave, GitLab, and Sentry.
"We know that open source underpins many products and services that we use every day so we want to ensure that open source projects can get as much support as possible in running simple, efficient, and productive security programs," HackerOne said today in a statement.
Like HackerOne, Google has been helping to secure the open source community. Today, Google revealed details about an in-house program called Operation Rosehub, during which 50 Google engineers submitted patches to Java open source projects to fix a severe and widespread two-year-old vulnerability affecting thousands of applications.