HackerOne has announced free professional service for open-source projects aimed at providing support to project developers for running efficient and productive security programs. Called HackerOne Community Edition, this service will help open-source projects with “vulnerability submission, coordination, dupe detection, analytics, and bounty programs.”
To qualify for this service, projects should meet certain requirements, says HackerOne. They must be open-source projects with OSI license, active and at least three months old, willing to provide a link to the HackerOne profile from their website, willing to add SECURITY.md in project root and be active in response to new reports.
There is however no customer-success support available.
See here for more.