Dive Brief:
- The nonprofit Tor Project announced it plans to launch its first public bug bounty project, working with HackerOne, according to VentureBeat. The Tor browser is the controversial program that allows people to browse the internet without being tracked.
- The Tor Project wants to find vulnerabilities that could compromise the anti-surveillance network.
- Tor launched a private bug bounty program last year. The new program is public, which means anyone can participate. Tor Project said a legitimate bug report could land a researcher up to $4,000.
Dive Insight:
Bug bounties are growing in popularity among companies looking to keep on top of vulnerabilities. For one thing, such programs are often much cheaper than recovering from an attack. The average cost of recovery from a single security incident is estimated to be $86,500 for small and medium businesses and $861,000 for enterprises, according to a recent report from Kaspersky Lab.
The number of enterprise bug bounty programs grew more than 300% over the last year, according to the 2017 State of Bug Bounty Report released by Bugcrowd earlier this month.
HackerOne is well known for helping big-name companies improve their security posture, and its efforts appear to be paying off. In April, HackerOne announced it received $40 million in Series C funding led by Dragoneer Investment Group, and the company said its hacker community tripled to nearly 100,000 last year.
Large companies like Google, General Electric, Microsoft, United Airlines, Western Union, Tesla Motors and Fiat Chrysler have all participated in bug bounty programs over the last few years.