by Swapnil Bhartiya

ownCloud announces bug bounty

Opinion
Aug 31, 2015

Open source enterprise file sharing and synchronization (EFSS) company ownCloud today announced that it has partnered with vulnerability management and bug bounty platform provider HackerOne (https://hackerone.com/) to offer a bug bounty program to ownCloud contributors and the security research community at large.

I have written before about ownCloud’s superior security and privacy features, so today’s announcement comes as no surprise. Depending on the severity of the bug, contributors flagging valid vulnerabilities will earn up to $500.

In a press release about the announcement, Frank Karlitschek, CTO, community leader and co-founder at ownCloud said: “Technology companies both large and small have turned to bug bounty programs to bolster security, but we’ve got something they don’t. The ownCloud open source community is filled with intelligent, loyal and dedicated users who have supported us for years, helping to make our product the best and most secure EFSS solution on the market. We are excited for the opportunity to strengthen our partnership with this tremendous resource and rewarding them for their efforts in making the ownCloud experience better, more secure and more efficient.”

Today cyber security is like a game of chess: criminals tend to stay ahead of providers because you can’t hire all the best brains in the world. The best way to stay one step ahead of criminals is to have more eyeballs on your product. As Linus’s Law states: “Given enough eyeballs, all bugs are shallow.”

I’m not alone in my firm belief that open source software has an edge over proprietary software because of easy access to source code, allowing anyone to audit it for holes. Just look at all the hacks from this year alone that caused billions of dollars in losses; all of them exploited some vulnerability in proprietary software.

Unlike proprietary companies that are often hostile towards security researchers (I’m looking at you, Oracle), open source companies continue to encourage developers to find holes in their products by rewarding them for finding such vulnerabilities.

Alex Rice, CTO and co-founder, HackerOne said, “By incentivizing thousands of talented hackers globally, companies like ownCloud are leveling the playing field by ensuring criminals are outnumbered and consumers are better protected.”

The program was launched at the ownCloud Contributor Conference, which is taking place August 28 – September 3 in Berlin, Germany.