The Tor Project will soon launch a bug bounty program that'll reward security researchers for finding vulnerabilities in its code.
Nick Mathewson, co-founder, researcher, and chief architect of the Tor Project recently told Motherboard that they are grateful to the people that have examined their code over the years. Mathewson acknowledged, however, that the only way to continue to improve is to get more people involved. Offering up cold, hard cash will certainly do just that.
The non-profit announced the bounty program during its recent State of the Onion talk at the Chaos Communication Congress in Hamburg, Germany.
Introducing a bug bounty program makes a lot of sense for all parties involved. For white hat hackers, it's yet another opportunity to help earn a living. Nefarious hackers that discover a vulnerability and would otherwise exploit it or sell details on the black market now have the option of a quick payday, an option that saves the organization lots of headaches and PR dings.
Roger Dingledine, co-founder and research director of the Tor Project, told the publication that Open Technology Fund (OTF) is sponsoring the bounty program. Specifically, they're paying bug bounty coordinator HackerOne to get everything in order. Mike Perry, lead developer of the Tor Browser, said during the conference that the program will start out on an invite-only basis.
The Tor Project's bug bounty program will get under way in early 2016.