The well-known Have I Been Pwned project is going open source. The data breach search engine with hundreds of thousands of exposed records has been developed and maintained by Troy Hunt, a well-respected security and privacy expert.
Who Is Troy Hunt?
Troy Hunt is a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, and the author of many top-rated security courses for web developers on Pluralsight, among other specialties.
Hunt created Have I Been Pwned (HIBP) as a free resource for individuals to assess if they have been breached or “pwned” in a data-related incident. “I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community,” Hunt explains on HIBP’s website.
The service was launched in 2013, and since then, it has expanded to include domain monitoring and breach alerts. As HIBP is considered quite a successful project, a logical question would be: why has Hunt decided to open-source it?
Have I Been Pwned Going Open Source
One of the reasons is that one such service is not nearly enough to guarantee future sustainability, and Hunt has made previous attempts to find a buyer to help him bolster the project. Since the possible acquisition process failed, the privacy expert decided to try something else – open up HIBP’s code base to the open source community.
“The single most important objective of that process was to seek a more sustainable future for HIBP and that desire hasn’t changed; the project cannot be solely dependent on me,” Hunt said in a blog post published on his official website, TroyHunt.com.
“The philosophy of HIBP has always been to support the community, now I want the community to help support HIBP. Open sourcing the code base is the most obvious way to do this. It takes the nuts and bolts of HIBP and puts them in the hands of people who can help sustain the service regardless of what happens to me,” he added.
By doing so, Hunt hopes that he will increase trust in HIBP’s work through transparency, and improve the platform’s own security through the discovery of vulnerabilities. The expert is currently working with other experts from open source and cloud systems to open up the code base gradually.