TOR Project - Official Bug Bounty Program in 2016

Appelbaum announces to start a Tor Project Bug Bounty Program

The Tor network will finacial reward the reports of vulnerabilities and security bugs in their software starting this year (2016). Jacob Appelbaum has announced the information during the talks at the Chaos Communication Congress 32C3.

For the bug bounty program the platform H1 has agreed to invest the money for payments. The main scope of the program should focus on vulnerabilities in the Tor-Browser and the Tor-Messenger software. Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software.

The new program has been announced to avoid losing the bugs/vulnerabilities to a third party like zerodium. Zerodium is a vupen company and announced to pay around 30.000$ for a valid Tor Project remote exploit.

The main program does finally not run yet but we keep all researchers,  readers and hackers informed about the new updates.

Scope:

https://www.torproject.org/projects/torbrowser.html.en

https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

Reference(s): Nick Mathewson

http://motherboard.vice.com/read/the-tor-project-is-starting-a-bug-bounty-program