Representatives of the Tor Project, the non-profit organization that maintains the software needed for using the Tor anonymity network and operates the Onion network, have announced the imminent creation of a bug bounty program aimed at finding and fixing security flaws in the software.
The announcement was made last week at the Chaos Communication Congress in Germany.
Not many details have been shared about it. According to Motherboard, the program will be sponsored by the Open Technology Fund, will be set up through the HackerOne bug bounty platform, and will initially be open only to researchers who are directly invited to participate.
The bug bounty program is the organization’s latest move towards making Tor more secure.
In December, they started a new fundraising effort aimed at making the project less reliant on government funding and at spreading the word about Tor. The campaign has been a success.
It’s more than likely that part of the donated funds will go towards paying bug hunters.
“We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved,” Nick Mathewson, co-founder, researcher, and chief architect of the Tor Project, said, commenting on their decision to start the bug bounty program.
The announcement comes less than two months after Roger Dingledine, who was Tor Project Director at the time, claimed that the FBI paid Carnegie Mellon University researchers to unmask Tor users.
Carnegie Mellon University replied by denying that such a payment had been made, and implied that they helped the FBI break Tor protection because of a subpoena.