Another money making opportunity for bug hunters
It pays to be a bug hunter. No, not the squishy kind that scurry about (unless you’re an exterminator), but the kind that leave software vulnerable to attack. There are numerous bug bounty programs out there, and soon you’ll be able to add the Tor Project to the fray.
Nick Mathewson, co-founder and chief architect of the Tor Project, recently made the announcement during the State of the Onion talk at Chaos Communication Congress in Hamburg, Germany.
“We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved,” Mathewson told Motherboard. He added that the program will kick off sometime in 2016.
Bug bounty programs are one way to stay ahead of the bad guys, especially since there are outside companies that offer up cash for exploits and then sell them to government agencies. One of the more prominent ones is Zerodium, which awarded $1 million to researchers who hacked iOS. A zero-day exploit affecting the Tor Browser fetches $30,000 from Zerodium.
It’s not yet known how much the Tor Project will pony up for different exploits. However, Mike Perry, lead developer of the Tor Browser, did say that the program will be an invite-only affair at first.