The Tor Project is about to start a bug bounty program for the Tor browser – This means that those who find issues, bugs or vulnerabilities within the Tor browser will be paid for their efforts. Bug bounties are payments made by companies or organizations to researchers who find problems in their website or products, and who then report them. Both large and small companies are using this ”reward program” to ensure the security and the stability of their products. According to Tor, the program will start in January.
Tor made this announcement at the recurring ”State of the Onion” talk at the end of December 2015. The talk was part of the Chaos Communication Congress, an art, politics and security conference held annually in Hamburg, Germany. Nick Mathewson, co-founder, researcher, and chief architect of the Tor Project made this statement about their new program:
“We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved. This program will encourage people to look at our code, find flaws in it, and help us to improve it.”
Bug bounties can help companies to improve