We are proud to announce that Facebook, the Ford Foundation, and GitHub have each donated $100,000 to the Internet Bug Bounty (IBB) to thank hackers who contribute to making the internet safer. Facebook, which has supported the IBB since its inception, renewed its commitment to the program, while the Ford Foundation and GitHub came on board as new partners. These sponsors’ contributions will be used to exclusively fund the bounties awarded to hackers and help the IBB expand its scope to incorporate data processing and privacy technologies.
The IBB is a bug bounty program for the internet, providing financial rewards to hackers who identify critical vulnerabilities in internet infrastructure and free open source software. Since it was founded in 2013, the IBB has awarded hackers over $600,000 in bounties for reporting over 625 valid vulnerabilities impacting the internet we all rely on. Over $150,000 was awarded to hackers in the last year alone for more than 250 vulnerabilities.
Throughout the IBB’s history, more than $45,000 of bounties has been donated to nonprofit organizations, including Electronic Frontier Foundation, Hackers for Charity and Freedom of the Press Foundation.
The IBB has thanked researchers for uncovering vulnerabilities in some of the most important software that supports the internet stack, including RubyGems, Ruby, Phabricator, PHP, Python and OpenSSL, among others. The IBB has rewarded hackers for reporting critical vulnerabilities, including ImageTragick ($7,500 bounty), Heartbleed ($15,000 bounty), and Shellshock ($20,000 bounty).
Some of the programs that have received the most significant contributions from the hacker community include PHP, Python and OpenSSL. By encouraging hackers to find vulnerabilities in broadly adopted technologies, the IBB and its sponsors aim to recognize hackers’ significant contributions to making the internet a safer place for all of us.
The panel will utilize this round of sponsorship to expand the existing scope of the Internet Bug Bounty in two meaningful ways. First, it will introduce a new "Data Processing Program" which aims to encompass numerous widespread data parsing libraries as these have been an increasing avenue for exploitation. Second, it will expand the coverage of technologies that serve as the technical foundation of a free and open Internet, such as OpenSSL. We welcome the community's feedback on which technologies would most benefit from increased security research.
The IBB is a not-for-profit program sponsored by individuals and organizations who genuinely care about our collective security. The panel of volunteers selected from the security community are responsible for defining the guidelines for the program, allocating bounties to where additional security research is needed most, and mediating any disagreements that might arise.
With the support of our generous sponsors, the IBB will continue to thank hackers and security researchers who help secure some of the most important free and open source software that supports the internet stack. We owe these hackers an enormous debt and the IBB is on a mission to cultivate a safe, rewarding environment for past, present, and future security researchers.
For more details on how the Internet Bug Bounty operates, including guidelines around how scope and bounty prices are determined, finances, panel member requirements, please see the charter.
For hackers or open source software maintainers interested in participating, please visit the new program’s page for more information on the submission process. Interested in sponsoring the IBB? Please reach out to firstname.lastname@example.org for more information.
Adam Bacchus, IBB Panelist
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.