CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

‘Have I Been Pwned’ Code Base Going Open Source

Troy Hunt, the security expert who handles the breach notification website Have I Been Pwned, announced late last week that he is ready to make the code behind the site available in open source.

Troy Hunt, the security expert who handles the breach notification website Have I Been Pwned, announced late last week that he is ready to make the code behind the site available in open source.

Have I Been Pwned allows users to verify whether their emails or passwords have been exposed as part of a data breach and has become the place to go for information when massive data breach dumps become public.

Over the past couple of years, the site’s popularity has increased after an API that allows for the fast search of compromised account data from third-party products and services started being integrated into browser extensions, applications, mobile software, notification websites, and the like, including Firefox and LastPass.

Hunt now says that the time has come for the project to evolve into open source, especially given the fact that community contributions to Have I Been Pwned have increased significantly recently.

“Every single byte of data that’s been loaded into the system in recent years has come from someone who freely offered it in order to improve the security landscape for everyone. Many of the services that HIBP runs on are provided free by the likes of Cloudflare,” Hunt says.

He also notes that the community has contributed to the code behind the website as well, either through the use of publicly available content or through direct support for the project.

“The philosophy of HIBP has always been to support the community, now I want the community to help support HIBP. Open sourcing the code base is the most obvious way to do this. It takes the nuts and bolts of HIBP and puts them in the hands of people who can help sustain the service regardless of what happens to me,” Hunt says.

The move to make the code open source would also addresses concerns regarding the manner in which the service runs (such as the fact that it does not log any of the searches), while helping identify people who can help the project evolve, he notes.

Advertisement. Scroll to continue reading.

Hunt also points out that the process of moving to open source isn’t an easy one, and that the transition will take some time, with support from people who understand what needs to be done, but no timeframe for when the process will be completed has been provided.

“Then there’s the privacy side of it all: my own personal data is in those breaches and your data almost certainly is too because there are literally billions of people that have been impacted by data breaches. Regardless of how broadly that information is circling, I still need to ensure the same privacy controls prevail across the breach data itself even as the code base becomes more transparent,” he also says.

Related: BlackBerry Releases Open Source Reverse Engineering Tool

Related: Apple Releases Open Source Password Manager Resources

Related: IBM Releases Open Source Toolkits for Processing Data While Encrypted

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.