Stopping another Heartbleed: This Aussie startup is gathering global developers to squash OpenSSL bugs

There might be even more issues with the OpenSSL software, used to keep websites and your details safe, that we aren’t aware of yet. Australian startup BugCrowd has a plan to fix these problems.


Earlier this month, a flaw was found in the open source software, which keeps hundreds of websites, systems and devices safe. What’s now been termed the “Heartbleed bug” has had the broadest reaching impact of any bug discovered so far.


The software is managed by a not-for-profit group called the OpenSSL Software Foundation. Its president has admitted it doesn’t have the funds to launch a thorough investigation of its code.


So online security startup BugCrowd launched a crowdfunding campaign to cover the cost of gathering hundreds of developers to explore the OpenSSL software for any other issues.


“With many eyes and the right incentive all bugs are shallow. It’s up to the Internet to come to the table and provide the incentive required to make sure wide-scale security exposures like Heartbleed don’t happen again,” founder Casey Ellis wrote in an open letter.


Developers will sift through the code to identify any other bugs. People who discover flaws receive monetary prizes, hence the need for the campaign.


BugCrowd graduated from the second intake of the Startmate Accelerator program last year.


Since then it has moved to San Francisco and has run “bug bounties” with major companies across a range of verticals from banks to tech firms to retail giants.


The bounty it has planned for OpenSSL is a “sprint bounty”, meaning it will run for a set period of time with a capped budget.


All remaining funds will go to the lean, not-for-profit organisation that curates the code, the OpenSSL Software Foundation.


Notify of
Inline Feedbacks
View all comments