Latest in Gear

Image credit: JuSun via Getty Images

Have I Been Pwned's code base will be open sourced

It'll help ensure a 'sustainable future' for the project after a failed acquisition process.
Kris Holt, @krisholt
August 7, 2020
93 Shares
Share
Tweet
Share

Sponsored Links

Encryption your data. Digital Lock. Hacker attack and data breach. Big data with encrypted computer code. Safe your data. Cyber internet security and privacy concept. Database storage 3d illustration
JuSun via Getty Images

For the last several years, Have I Been Pwned has proven a valuable way to determine whether your email address is connected to a wide number of data breaches. Following a failed acquisition process, Troy Hunt, the man behind the project, has decided to open-source the Have I Been Pwned code base to help it last.

“The single most important objective of [the mergers and acquisitions] process was to seek a more sustainable future for HIBP and that desire hasn't changed; the project cannot be solely dependent on me,” he wrote in a blog post. “Yet that's where we are today and if I disappear, HIBP quickly withers and dies.” As such, he’s calling on others to support the service, and believes that “open sourcing the code base is the most obvious way to do this.”

Hunt noted there were a few reasons for this, including the prevalence of open source projects and the fact Have I Been Pwned has always been “open in spirit.” On a practical level, it’ll enable others to fix bugs and implement ideas that he’s not necessarily able to.

It’ll take some time to fully open up the code base, and Hunt plans to do so gradually. “The transition from completely closed to completely open will happen incrementally, bit by bit and in a fashion that's both manageable and responsible,” he wrote.

It’s a complex process, especially when you consider the highly sensitive troves of data that make Have I Been Pwned an important service. While much of that data is already in the wild, Hunt said he needed to ensure “privacy controls prevail across the breach data itself even as the code base becomes more transparent.”

Some other services, particularly password managers, also help people monitor whether their data or credentials have been included in a breach. Still, Have I Been Pwned is perhaps the best-known such resource, allowing people to search find out whether their email address is among billions of records from hundreds of data breaches. Taking steps to ensure it’ll remain available in the long run is a welcome move on Hunt’s part.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
93 Shares
Share
Tweet
Share

Popular on Engadget

Apple is allowing Solo Loop returns without sending back the Watch

Apple is allowing Solo Loop returns without sending back the Watch

View
The Morning After: Amazon's new security camera is also an in-home drone

The Morning After: Amazon's new security camera is also an in-home drone

View
Here's everything Amazon announced at its big hardware event

Here's everything Amazon announced at its big hardware event

View
GameStop will have more $499 PS5s available to pre-order on Friday

GameStop will have more $499 PS5s available to pre-order on Friday

View
Ring made a security drone that flies around inside your home

Ring made a security drone that flies around inside your home

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr