The goal is to make sure there will not be another Heartbleed bug

Apr 17, 2014 08:56 GMT

The OpenSSL flaw known as the Heartbleed bug has been named one of the most catastrophic vulnerabilities the Internet has seen in a long time. To ensure that another one doesn’t appear any time soon, security crowdsourcing company Bugcrowd is trying to raise money that will be used to make OpenSSL more secure. 

Bugcrowd hopes to raise $250,000 (€180,000), but with 12 days to go, only $5,642 (€4,076) has been donated so far. The tilt amount has been set at just over $15,000 (€10,800).

The initiators of the donation campaign say that the money will be used to reward security researchers who find vulnerabilities in OpenSSL. The rest, if any remains, will be given to the OpenSSL Software Foundation.

Bugcrowd says that it will administer the bounty at its own expense so that all the money donated by the community will go to making the encryption software more secure.

While Bugcrowd hopes to attract corporate sponsors, anyone is welcome to contribute, considering that the Heartbleed bug impacts everyone who uses the Internet.

Sponsors will be credited as Defenders of the Internet. Those who donate more than $5,000 (€3,600) will get special mentions and thanks. There’s no minimum or maximum contribution.

“The challenge is that OpenSSL is a free, open source offering. It relies on a small team of dedicated developers that make sacrifices to maintain it in the belief that they are providing a necessary and valuable service to the global online community,” explained Casey John Ellis, the founder and CEO of Bugcrowd.

“While a majority of businesses around the world rely on it every day to secure the services they run internally and externally, resources are highly constrained and extensive testing has not been possible.”

Ellis added, “Through a Crowdtilt crowdfunding campaign, we will raise money that will encourage crowdsourced security testing, so we can root out any other vulnerabilities in OpenSSL. Not every Internet user can contribute code or security testing skills to OpenSSL, but with a very minor donation to the fund, everyone can play a part in making the Internet safer.”

The Internet Bug Bounty (IBB) program already offers a minimum bounty of $2,500 (€1,800) to researchers who can find OpenSSL vulnerabilities. In fact, IBB has already rewarded Neel Mehta, the expert who discovered Heartbleed, with $15,000 (€1,000).

However, Bugcrowd says that its OpenSSL bounty crowdfunding aims at raising enough money to attract the attention of qualified researchers.

Donate money to make OpenSSL more secure.