HackerOne Community Edition
Free vulnerability coordination / bug bounty platform for open source projects: security page with disclosure policy, report management with discussion tools, intelligent duplicate detection, hacker reputation and private invites, API access, and analytics dashboards. Only cost is a 5% payment processing fee if you choose to pay bounties.
Eligibility: for the project; OSI license required; non-commercial only; project at least 3 months old; Must add a SECURITY.md in the project root, link to the HackerOne profile from the project website, and respond to new reports within a week.
How to apply: Application form on the page (project name, website, motivation); reviews typically complete within one business week.
last verified 2026-07-06