Tor plans to launch a bug bounty program

In 2016, Tor will pay researchers to find vulnerabilities in its systems.


Tor will open itself to attack in 2016 with the start of a bug bounty program aimed at identifying weaknesses in its security systems, Motherboard reports. Tor is a free service that allows users to browse the internet anonymously, and it's working with sponsor Open Technology Fund and bug bounty coordinator HackerOne to pull off this latest security sweep. The bug-hunting will be invite-only at first, Tor Browser Lead Developer Mike Perry told Motherboard.

Other companies, including Facebook and Microsoft, have third-party bug-squashing programs, though they can get tricky. This month, Facebook accused a security researcher of overstepping his boundaries as he dug deep into Instagram's code and walked away with the digital keys to the city. Another company, Zerodium, offered $1 million for iOS 9 zero-day exploits in a controversial and irresponsible publicity stunt.

Tor recently hired former Electronic Frontier Foundation head Shari Steele as its executive director, and she's pledged to expand Tor into the mainstream. Hosting a public bounty for hunting bugs is a solid step in that direction, as long as Tor avoids the associated traps.