Here at HackerOne, we are huge Open Source fans. Open source powers our platform, our infrastructure, and the way in which we engage with our community. As part of our mission to make the Internet safer, we want to make it easier for your Open Source project security program too.
As such, we are offering our popular HackerOne Pro platform as a free service for eligible Open Source projects for vulnerability submission and coordination, bug bounties, and more.
HackerOne's Community Edition is the leading platform for running an effective security program. With it you can provide a safe, structured environment for your users, developers, and hackers to submit vulnerability reports.
HackerOne's Community Edition includes tools for managing these reports, responding to them, and where appropriate, paying bounties to reward your community for their contributions.
Your Security Page declares your project's vulnerability coordination policy to hackers.
Each hacker's historic performance on the platform. Helpful for building community.
Start by inviting a few trusted hackers in a private program by reputation or username.
Integrated tools for discussing submitted vulnerabilities from your community.
Utilize our API to sync your data with your internal data analytics tool.
Query more advanced metrics to track metrics measuring your program's ROI.
Intelligent Pattern matching finds common issues and identifies duplicate reports.
Entirely free for eligible open source projects*.
* Free HackerOne Professional subscription. If you pay out cash bounties, HackerOne will charge the usual 20% payment processing fee.
We have a fairly simple set of eligibility requirements:
Projects in scope must only be Open Source projects that are covered by an OSI license.
Projects must be active and at least 3 months old (age is defined by shipped releases/code contributions).
You add a SECURITY.md in your project root that provides details for how to submit vulnerabilities (example).
Display a link to your HackerOne profile from either the primary or secondary navigation on your project's website.
You maintain an initial response to new reports of less than a week.
To apply, simply click the link below to send us an email and include the name of your project, your project website, and share some details about why you would like to receive HackerOne Community. Please note: all approvals at the discretion of HackerOne and decisions are final.Apply for HackerOne Community Edition