HackerOne rewards bughunter who found critical security hole in… HackerOne
Vulnerability-reporting platform HackerOne has come clean about a critical security flaw on its own website that could have been used to expose the email addresses of users.
Vulnerability-reporting platform HackerOne has paid out a US$20,000 bounty after a researcher discovered he was able to access some other users’ bug reports on HackerOne’s website.
HackerOne has refused to host a bug bounty program for spyware seller FlexiSPY on the grounds that the organization is operating illegally and unethically.
David Bisson reports.
HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.
“Here at HackerOne, open source runs through our veins,” the company’s representatives said in a blog post. “Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back.”
HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.