enterprisesecuritymag

HackerOne Launches New Version of Internet Bug Bounty

Enterprise Security Magazine | Wednesday, September 29, 2021

HackerOne, revealed the latest version of the Internet Bug Bounty (IBB) program at the company's annual Security@ conference.

FREMONT, CA: At the company's annual Security@ conference, HackerOne, the most trusted hacker-powered security platform globally, revealed the latest version of the Internet Bug Bounty (IBB) program. The IBB's objective is to safeguard open-source software by pooling resources and incentivizing security experts to identify flaws in open-source software. The enhanced program furthers this goal by introducing a new pooled funding mechanism that allows more firms to use the IBB to secure open-source requirements in their software supply chains. Along with HackerOne, collaborating partners include Elastic, Facebook, Figma, GitHub, Shopify, and TikTok, and all depend on open-source software supply chains and other crucial digital infrastructure.

"TikTok is proud to support innovative initiatives like the HackerOne IBB pilot program to further strengthen not only TikTok's security, but also to drive a safer internet for all by leveraging the efforts of the global security research community," said Roland Cloutier, TikTok Chief Security Officer.

The average application uses 528 different open-source components, indicating that open-source software is at the heart of practically every current digital infrastructure. The significant portion of high-risk open-source vulnerabilities revealed in 2020 has been in code for over two years, and most firms lack direct control over open-source software inside supply chains, making it difficult to patch these flaws. Since its inception in 2013, the IBB has found over 1,000 defects in open-source programs, resulting in $900,000 in bounties being granted to roughly 300 hackers.

"Recent cyberattacks against software supply chains demonstrate the urgency of securing these organizational blind spots. And open-source software represents a growing portion of the world's critical supply chain attack surfaces," said Alex Rice, CTO, and co-founder of HackerOne. "The new IBB empowers organizations that are beneficiaries of open source to play an active role in collectively building more secure digital infrastructure for everyone."

"The GitHub Security Lab focuses on fostering collaboration between security researchers and open-source maintainers, to secure the open-source software we all depend on," said Xavier René-Corail, Director, Security Research at GitHub Security Lab. "With its focus on coordinated disclosure and high-impact security fixes, the Internet Bug Bounty program is a unique opportunity to further promote a collaborative community-based approach to open-source security, by incentivizing both the security researcher and the maintainer."