Who can participate
The IBB is open to any bug bounty customer on the HackerOne platform. Any organization that depends on the use of open source, or even depends on third-party vendors who may rely heavily on open source, benefits from expanding the scope of their bounty funds to cover vulnerabilities discovered and remediated in open source.
Why participate
Managing software supply chain security is inherently complex, and the industry is still scrambling for an answer. One of the best ways to defend against threats facing the software supply chain is to work together to protect these key dependencies. Just as open-source software is enhanced through the community, the community should help to secure it, and the Internet Bug Bounty program was built to facilitate that joint effort.
Program Mission
How does it work?
The IBB program operates on a pooled defense model: every participating program's bounty allocation is combined to create the public bounty table for the IBB.