SAN FRANCISCO - July 21, 2017 - The Internet Bug Bounty (IBB), the not-for-profit bug bounty program for core internet infrastructure and open source software, today announced three donations of $100,000 each: a renewal from Facebook as well as new investments from Ford Foundation and GitHub. The sponsorships will be used to reward hackers for making the internet a more secure public domain, allowing the IBB to expand the scope and impact of its already far-reaching bug bounty program.
The IBB recognizes and rewards security research that identifies vulnerabilities in internet infrastructure and free open source projects. Since its inception less than four years ago, the IBB has awarded over $616,000 to hackers who have helped uncover more than 625 security vulnerabilities in technologies that support the internet's underpinnings and in widely adopted open source projects. Over $150,000 was awarded to hackers in the last year alone for more than 250 vulnerabilities. Of the total bounties awarded to hackers, over $45,000 has been donated to charities and nonprofit organizations by these individuals.
“The generous donations from Facebook, Ford Foundation and GitHub lay the foundation for the IBB to expand its vision of making the internet more secure,” said Alex Rice, HackerOne CTO and founder, who serves on the IBB’s panel. “When we have the means to reward altruistic hackers for uncovering critical vulnerabilities in public domains, we are making the internet a safer place for everyone.”
Ford Foundation and GitHub join existing IBB sponsors Facebook, Microsoft and HackerOne in recognizing hackers’ significant contributions to securing the internet.
“Facebook has supported the IBB since its inception and we are proud to renew our commitment,” said Alex Stamos, chief security officer at Facebook. “The internet can bring very positive forces into people's lives and we must work together to make these vital technologies safer.”
“At Ford Foundation we believe that a secure, free and open internet is critical in the fight against inequality,” said Michael Brennan, Ford Foundation’s technology program officer on the Internet Freedom team. “The open source infrastructure of the internet is part of a public commons that we are committed to help maintain and draw attention to. A necessary part of this maintenance is recognizing and rewarding those who uncover critical vulnerabilities in freely available code that we all rely upon.”
The latest rounds of sponsorship will enable the IBB to expand the existing scope to introduce a new "Data Processing Program," which aims to encompass numerous widespread data parsing libraries, as these have been an increasing avenue for exploitation. The IBB will also expand the scope to cover technologies that serve as the technical foundation of a free and open internet, such as OpenSSL.
“Open source software underpins the backbone of the internet and society’s most critical digital infrastructure,” said Shawn Davenport, VP of security at GitHub. “We believe deeply in the importance of this initiative, and we’re excited to sponsor the Internet Bug Bounty and support the people who work tirelessly every day to ensure the internet is as safe and secure as it can possibly be.”
The IBB has recognized researchers for uncovering vulnerabilities in some of the most important open source software, including RubyGems, Ruby, Phabricator, PHP, Python and OpenSSL, among others. Through the IBB, hackers have been rewarded for identifying and reporting on critical vulnerabilities, including ImageTragick ($7,500 bounty), Heartbleed ($15,000 bounty) and Shellshock ($20,000 bounty).
About the Internet Bug Bounty
The Internet Bug Bounty (IBB) is a not-for-profit bug bounty program that provides financial rewards to hackers who identify critical vulnerabilities in internet infrastructure and free open-source software. Since it was founded in 2013, the IBB has awarded white-hat hackers over $616,350 USD in bounties for reporting over 625 valid vulnerabilities in technologies supporting the underpinnings of the internet. The organization is composed of a panel of influential experts from the security community who are responsible for defining the guidelines for the program, allocating bounties to where additional security research is needed most, and mediating any disagreements that might arise. For more details on how the IBB operates, including guidelines around how scope and bounty prices are determined, finances, and panel member requirements, please see its charter.
HackerOne is the #1 hacker-powered security platform, connecting organizations with the world’s largest community of trusted hackers. More than 800 organizations, including the U.S. Department of Defense, General Motors, Twitter, GitHub, Nintendo, Panasonic Avionics, Qualcomm, Square, Starbucks, Dropbox and the CERT Coordination Center trust HackerOne to find critical software vulnerabilities before criminals can exploit them. HackerOne customers have resolved nearly 50,000 vulnerabilities and awarded more than $18M in bug bounties. HackerOne is headquartered in San Francisco with offices in London and the Netherlands.