Going public with our new bug bounty program

Aug 8, 2016

I have some really exciting news this week, which I’ve been wanting to share for a while. The Open-Xchange group of companies, including PowerDNS and Dovecot, now have public bug bounty programs hosted on HackerOne. These programs have actually been operational with increasing numbers of invited expert researchers for the past 6 months, as we built up confidence with the program, adjusted our policies and program scope, and interacted with the hugely knowledgeable HackerOne community. Now we’ve reached the stage where we’ve thrown open the doors, and our bug bounty programs are open to everyone.

Bug bounty programs have been an important security tool for a number of years, and while some large companies such as Google and Facebook host their own programs, Open-Xchange has joined companies such as Twitter and Yahoo! in using HackerOne. Somewhat appropriately, I’m writing this post from the Black Hat USA 2016 conference, having just attended a talk where bug bounty programs were presented as one of the top-10 highest-impact security innovations of the last 20 years.

Indeed, just last week Apple announced their own bug bounty program, no doubt inspired by the example of Open-Xchange!

The HackerOne service hosts a very large community of security researchers (ranked by their contribution and skills), provides the tools to let them report security vulnerabilities, and allows bounties (either monetary or “swag”) to easily be awarded by the affected companies. Using HackerOne has enabled Open-Xchange to roll out the program with speed and effectiveness, and now it has become an important part of our development and release lifecycle, as well as our responsible disclosure program.

I’m happy to say that in just 6 months, the bug bounty program has already contributed to the increased security of the software developed by Open-Xchange, and I look forward to seeing how it will evolve over the coming months and years, so watch this space!

You can find the details of our bug bounty programs at:

https://hackerone.com/open-xchange
https://hackerone.com/dovecot
https://hackerone.com/powerdns

About the author

Neil Cook

PowerDNS Head of Product