informa
/
Vulnerabilities/Threats
Quick Hits

HackerOne Offers Free Service for Open Source Projects

Service aims to provide efficient security programs but projects must meet certain rules to qualify for it.

HackerOne has announced free professional service for open-source projects aimed at providing support to project developers for running efficient and productive security programs. Called HackerOne Community Edition, this service will help open-source projects with “vulnerability submission, coordination, dupe detection, analytics, and bounty programs.”

To qualify for this service, projects should meet certain requirements, says HackerOne. They must be open-source projects with OSI license, active and at least three months old, willing to provide a link to the HackerOne profile from their website, willing to add SECURITY.md in project root and be active in response to new reports.

There is however no customer-success support available.

See here for more.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5