Tor security team lead, Georg Koppen said the company selected HackerOne because, “HackerOne is well known by the security community, and we wanted to pick a trusted platform for open communication with independent experts.” This marks Tor’s first public bug bounty since it was founded in 2002. The company conducted a small, private bug bounty in 2016 but Koppen said he “knew going public would expand [its] relationships in the community and improve [its] results.” With support from the Open Technology Fund, the Tor Project said that it will pay out anywhere from $100 to $4,000, depending on the severity of the bug discovered.
HackerOne offers a platform that recruits security researchers and white hat hackers to identify security weaknesses for its clients, including Twitter, Airbnb, Uber, Yelp, and the U.S. Department of Defense. Since it was founded in 2012, HackerOne has run 852 programs, fixed 49,793 bugs, and facilitated $18.7 million in bug bounty payouts.
Michiel Prins, HackerOne Co-Founder presenting Tapping Hackers to Improve Security at FinDEVr London 2017
The San Francisco-based company has offices in London, Seattle, Los Angeles, North Carolina, and the Netherlands. HackerOne earned the Favorite FinDEVr Debut award for its presentation at FinDEVr New York this year and won the Crowd Favorite award at its FinDEVr London presentation last month. In a separate announcement today, the company announced the launch of HackerOne Response, a new product to help companies receive security vulnerability reports from the hacker community, their users, and customers.