5 Things New with Bug Bounty Programs


On September 29, HackerOne announced the latest version of its Internet Bug Bounty (IBB) program. This initiative helped to coordinate the discovery of more than 1,000 security weaknesses in open-source software between 2013 and 2021. HackerOne’s latest version aims to expand the reach of the program even further by pooling defenses from existing bug bounties, dividing bounties in a way that awards stakeholders who contribute to the vulnerability management lifecycle, and consolidating the vulnerability submission flow to improve the experience of participating researchers.


The IBB program helps to advance supply chain security, noted HackerOne. The average application today uses 528 open-source components, providing malicious actors with plenty of vectors by which they can compromise software on which potentially thousands of organizations rely. Time is on the side of those attackers, too. ZDNet reported that most weaknesses in open-source projects go undetected for four years. Hence the need for an initiative like the IBB that brings the security community together.


What Else Is New with Bug Bounty Programs?


The newest iteration of HackerOne’s initiative and the detection rate of open-source software vulnerabilities aren’t the only new developments with bug bounty programs. Provid ..
