Tor launching bug bounty programme

A bug bounty programme will be launched later this year by the Tor Project to help steer security researchers to report issues that they find in the software in a responsible manner.

Mike Perry, Tor browser and performance developer, advised of this new development at the “State of the Onion” address last week at the Chaos Communications Congress in Hamburg, Germany.

Tor will partner with HackerOne on the programme. It will start as invite-only with plans to open up to more people later this year. Invite-only bug bounties are open solely to adept researchers that submit fewer false-positives and more high quality reports.

Nick Mathewson, a Tor Project founder, said: “We are grateful to the people who have looked at our code over the years, but the only way to continue to improve is to get more people involved... this programme will encourage people to look at our code, find flaws in it, and help us to improve it.”

Perry said this action will be part of a list of Tor Project goals for the upcoming year.