The Internet Bug Bounty (IBB), a project whose goal is to make the Web safer by rewarding white hat hackers who find vulnerabilities in core Internet infrastructure and open source software, announced on Friday that it has secured a $300,000 donation.
Facebook, GitHub and the Ford Foundation, one of the world’s largest charitable organizations, have each donated $100,000 to the IBB. With their donation, GitHub and the Ford Foundation have joined existing sponsors, Facebook, Microsoft and HackerOne.
The IBB rewards researchers who find vulnerabilities in OpenSSL, Nginx, Apache httpd, Perl, PHP, Python, Ruby, Flash, Ruby on Rails, Phabricator, Django, RubyGems and other widely used Internet technologies.
Since its launch in November 2013, the IBB has awarded more than $600,000 for over 600 vulnerabilities found by bounty hunters. This includes over $150,000 awarded last year and $45,000 that hackers decided to donate to charities and nonprofit organizations, such as the Electronic Frontier Foundation (EFF), Hackers for Charity, and the Freedom of the Press Foundation.
Critical security holes such as ImageTragick, Heartbleed and Shellshock earned researchers $7,500, $15,000 and $20,000, respectively.
With the newly raised funds, the IBB plans on expanding the scope of the bug bounty program by adding a new category for flaws in popular data parsing libraries, which are considered increasingly risky. The expansion will also cover technologies that “serve as the technical foundation of a free and open Internet, such as OpenSSL.”
“At Ford Foundation we believe that a secure, free and open internet is critical in the fight against inequality,” said Michael Brennan, Ford Foundation’s technology program officer on the Internet Freedom team. “The open source infrastructure of the internet is part of a public commons that we are committed to help maintain and draw attention to. A necessary part of this maintenance is recognizing and rewarding those who uncover critical vulnerabilities in freely available code that we all rely upon.”

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
