Dive Brief:
- HackerOne is applying the power of its white hat hackers to open source projects for free to test for potential security vulnerabilities, the company announced Friday.
- Eligible open source projects will receive the HackerOne Professional service without charge, providing "vulnerability submission, coordination, dupe detection, analytics, and bounty programs for your projects," according to a HackerOne blog.
- Open source projects such as Ruby, Rails, Discourse, Django, GitLab, Brave and Sentry are already using HackerOne. To date, HackerOne has resolved more than 1,200 vulnerabilities in open source projects.
Dive Insight:
HackerOne says it wants to improve the safety of open source projects that underlie so many products and services today. It’s the same reason Google announced Project Wycheproof last year: When developers use third-party code, they may not be aware of vulnerabilities that code contains.
Cybercriminals can then zero in on such vulnerabilities and exploit them in code used by hundreds, if not thousands, of enterprises.
HackerOne gained broad attention helping big-name companies improve their security posture, and its efforts appear to be paying off. Last month, HackerOne announced it received $40 million in series C funding led by Dragoneer Investment Group and the company said its hacker community tripled to nearly 100,000 last year.