HackerOne, a security platform, just released the most recent iteration of its Internet Bug Bounty (IBB) program. By pooling resources and encouraging security specialists (dubbed “hackers”) to uncover holes in open-source software (OSS), the IBB brings changes intended to improve open-source software security.
With the addition of a new crowd-funding option, more enterprises will be able to use the IBB to secure the open-source components their software depends on. Elastic, Facebook, Figma, GitHub, Shopify, and TikTok are among the other program partners. These businesses, like practically every other digital business, rely on open-source software.
The IBB aims to:
- Secure Shared Software Components: Incentivize open source and software supply chain dependency security research.
- Pool the defenses: Allow open source users to contribute equitably to our common security.
- Provide Assessment and Remediation: Provide financial assistance to security researchers and open source maintainers, who often volunteer their time.
Bounties are distributed according to an 80/20 split scheme, with the finder receiving 80% of the incentive and the OSS project receiving 20%. The values indicated above are the full amount of the prize. The bounty amount is set at the time of award, not when the vulnerability is first reported. This is a dynamic bounty table that will change on a regular basis depending on the number of partners that have signed up.