Security Experts:

Internet Bug Bounty Project Receives $300,000 Donation

The Internet Bug Bounty (IBB), a project whose goal is to make the Web safer by rewarding white hat hackers who find vulnerabilities in core Internet infrastructure and open source software, announced on Friday that it has secured a $300,000 donation.

Facebook, GitHub and the Ford Foundation, one of the world’s largest charitable organizations, have each donated $100,000 to the IBB. With their donation, GitHub and the Ford Foundation have joined existing sponsors, Facebook, Microsoft and HackerOne.

The IBB rewards researchers who find vulnerabilities in OpenSSL, Nginx, Apache httpd, Perl, PHP, Python, Ruby, Flash, Ruby on Rails, Phabricator, Django, RubyGems and other widely used Internet technologies.

Since its launch in November 2013, the IBB has awarded more than $600,000 for over 600 vulnerabilities found by bounty hunters. This includes over $150,000 awarded last year and $45,000 that hackers decided to donate to charities and nonprofit organizations, such as the Electronic Frontier Foundation (EFF), Hackers for Charity, and the Freedom of the Press Foundation.

Critical security holes such as ImageTragick, Heartbleed and Shellshock earned researchers $7,500, $15,000 and $20,000, respectively.

With the newly raised funds, the IBB plans on expanding the scope of the bug bounty program by adding a new category for flaws in popular data parsing libraries, which are considered increasingly risky. The expansion will also cover technologies that “serve as the technical foundation of a free and open Internet, such as OpenSSL.”

“At Ford Foundation we believe that a secure, free and open internet is critical in the fight against inequality,” said Michael Brennan, Ford Foundation’s technology program officer on the Internet Freedom team. “The open source infrastructure of the internet is part of a public commons that we are committed to help maintain and draw attention to. A necessary part of this maintenance is recognizing and rewarding those who uncover critical vulnerabilities in freely available code that we all rely upon.”

Related Reading: HackerOne Penetrates VC Pockets for $40 Million

Related Reading: Hack DHS Act Establishes Bug Bounty Program for DHS

Related Reading: Mozilla Revamps Bug Bounty Program

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.