Communication and collaboration software provider Open-Xchange
has opened its internal ‘bug bounty’ program to the public. Open-Xchange, which has headquarters in Nuremberg, Germany, offers solutions that are “built for the cloud” and integrate email, documents, scheduling and social media. Its offerings compete with those provided by companies like Microsoft (Office 365) and Google (Apps for Business). Open-Xchange’s announcement comes after 6 months of invitations to take part in the program.
Bug bounty programs are offered by software developers and allow members of the public and those in the developer’s community to receive financial and other rewards for reporting bugs in programs and websites, particularly bugs that facilitate exploits and vulnerabilities. A number of organizations now offer such programs, with Apple recently announcing its own program. Open-Xchange’s program will be hosted by the HackerOne community and include all Open-Xchange companies, including PowerDNS and Dovecot.
“The hackerone service hosts a very large community of security researchers (ranked by their contribution and skills) and provides the tools to let them report security vulnerabilities and allows bounties (either monetary or “swag”) to easily be awarded by the affected companies,” explained Open-Xchange’s Chief Security Architect, Neil Cook on the company’s blog. “Using hackerone has enabled Open-Xchange to rollout the program with speed and effectiveness, and now it has become an important part of our development and release lifecycle, as well as our responsible disclosure program.” Do you know of any other companies launching bug bounty programs to the public? Let us know the details. Add your comments below.