The Tor Project has launched a public bug bounty via the HackerOne platform, ZDNet reports.
From the article: “The Tor Project has joined with HackerOne to launch a public bug bounty program aimed at finding vulnerabilities which could compromise the anti-surveillance network.
…’Millions of people around the world depend on Tor to browse the internet privately and securely every day, so our security is critical,’ The Tor team says. ‘Bugs in our code pose one of the biggest threats to our users’ safety; they allow skilled attackers to bypass Tor’s protections and compromise the safety of Tor users.’
On Thursday, Tor launched a public bug bounty program under the moniker #HackTor. Hosted on the HackerOne platform, the scheme is specifically targeting security flaws in the Tor network daemon and Tor browser used to access the network.
In particular, Tor would like to see reports of any remote code execution flaws, local privilege escalation, unauthorized access of user data, or attacks that cause the leakage of crypto material of relays or clients.
Depending on the severity of the issue, researchers can expect to earn up to $4,000 per report.”
Read the full article here.