"This program will encourage people to look at our code, find flaws in it, and help us to improve it," Mathewson said.This is a great for all the researchers that fights for online anonymity and that wants to contribute to improve the security offered by the Tor system. "The program will start out invite-only," Mike Perry, lead developer of the Tor Browser, said during the talk, and added that vulnerabilities "specific to our applications" would fall into the program. HackerOne raised $25 million in private funding earlier this year. HackerOne is a platform for connecting researchers who discover vulnerabilities and the companies affected by them. "We have a sponsor, OTF, who is paying HackerOne, a company that specializes in this, to help us do it," Roger Dingledine, co-founder and research director of the Tor Project, told Motherboard. In 2014, Facebook paid a total of $1.3 million in bounties. Zerodium will pay $30,000 for an exploit that affects the Tor Browser.īug bounties typically award researchers a lower fee, however, ranging from a few hundred dollars to tens of thousands. In November, researchers were awarded $1 million by new exploit company Zerodium for hacking the latest iOS operating system. This approach sits in stark contrast to hackers who find vulnerabilities and, instead of informing the company affected so that the problems can be fixed, sell the details to governments or private surveillance companies, sometimes via a proxy, which can then take advantage of the vulnerabilities in offensive attacks. For example Microsoft offers bounties, as do a host of other companies, large and small.
The program will start in the new year.īug bounties are payments made by companies or organisations to researchers who find problems in their website or products, and who then report them.
"We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved," Nick Mathewson, co-founder, researcher, and chief architect of the Tor Project told Motherboard.
0 kommentar(er)
