
Dark Reading
Products and Releases
12:40 PM

Internet Bug Bounty Receives New Funding to Expand Internet Safety Program

Facebook, Ford Foundation and GitHub donate $300,000 to award hackers who improve internet infrastructure

SAN FRANCISCO, July 21, 2017 -- The Internet Bug Bounty (IBB), the not-for-profit bug bounty program for core internet infrastructure and open source software, today announced three donations of $100,000 each: a renewal from Facebook as well as new investments from Ford Foundation and GitHub. The sponsorships will be used to reward hackers for making the internet a more secure public domain, allowing the IBB to expand the scope and impact of its already far-reaching bug bounty program.

The IBB recognizes and rewards security research that identifies vulnerabilities in internet infrastructure and free open source projects. Since its inception less than four years ago, the IBB has awarded over $616,000 to hackers who have helped uncover more than 625 security vulnerabilities in technologies that support the underpinnings of the internet and in widely adopted open source projects. Over $150,000 was awarded to hackers in the last year alone for more than 250 vulnerabilities. Of the total bounties awarded to hackers, over $45,000 has been donated to charities and nonprofit organizations by these individuals.

“The generous donations from Facebook, Ford Foundation and GitHub lay the foundation for the IBB to expand its vision of making the internet more secure,” said Alex Rice, HackerOne CTO and founder, who serves on the IBB’s panel. “When we have the means to reward altruistic hackers for uncovering critical vulnerabilities in public domains, we are making the internet a safer place for everyone.”

Ford Foundation and GitHub join existing IBB sponsors Facebook, Microsoft and HackerOne in recognizing hackers’ significant contributions to securing the internet.

“Facebook has supported the IBB since its inception and we are proud to renew our commitment,” said Alex Stamos, chief security officer at Facebook. “The internet can bring very positive forces into people's lives and we must work together to make these vital technologies safer.”

“At Ford Foundation we believe that a secure, free and open internet is critical in the fight against inequality,” said Michael Brennan, Ford Foundation’s technology program officer on the Internet Freedom team. “The open source infrastructure of the internet is part of a public commons that we are committed to help maintain and draw attention to. A necessary part of this maintenance is recognizing and rewarding those who uncover critical vulnerabilities in freely available code that we all rely upon.”

The latest rounds of sponsorship will enable the IBB to expand the existing scope to introduce a new "Data Processing Program," which aims to encompass numerous widespread data parsing libraries, as these have been an increasing avenue for exploitation. The IBB will also expand the scope to cover technologies that serve as the technical foundation of a free and open internet, such as OpenSSL.

“Open source software underpins the backbone of the internet and society’s most critical digital infrastructure,” said Shawn Davenport, VP of security at GitHub. “We believe deeply in the importance of this initiative, and we’re excited to sponsor the Internet Bug Bounty and support the people who work tirelessly every day to ensure the internet is as safe and secure as it can possibly be.”

The IBB has recognized researchers for uncovering vulnerabilities in some of the most important open source software, including RubyGems, Ruby, Phabricator, PHP, Python and OpenSSL, among others. Through the IBB, hackers have been rewarded for identifying and reporting on critical vulnerabilities, including ImageTragick ($7,500 bounty), Heartbleed ($15,000 bounty) and Shellshock ($20,000 bounty).

About the Internet Bug Bounty

The Internet Bug Bounty (IBB) is a not-for-profit bug bounty program that provides financial rewards to hackers who identify critical vulnerabilities in internet infrastructure and free open-source software. Since it was founded in 2013, the IBB has awarded white-hat hackers over $616,350 USD in bounties for reporting over 625 valid vulnerabilities in technologies supporting the underpinnings of the internet. The organization is composed of a panel of influential experts from the security community who are responsible for defining the guidelines for the program, allocating bounties to where additional security research is needed most, and mediating any disagreements that might arise. For more details on how the IBB operates, including guidelines around how scope and bounty prices are determined, finances, and panel member requirements, please see its charter.

About HackerOne

HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Twitter, GitHub, Nintendo, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $18M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.
