The source code of the Have I Been Pwned (HIBP) platform is to be available as open source software in the future. The announced the initiator, main developer and operator of HIBP, the Australian security researcher Troy Hunt, on his website. This is a direct reaction to the previously very widespread contributions of the community to the service itself. HIBP collects information on leaked and hacked access data from services on the Internet.
The information can be used to inform yourself whether your own data may have been affected by a hack. To make the service even easier to access and use, HIBP is integrated into Mozilla’s Firefox browser and Google’s Chrome browser, among other things. But other services such as the password management 1Password also rely on the information from HIBP.
According to Hunt, there have been many different contributions from the community so far. “HIBP’s philosophy has always been to support the community. Now I want the community to support HIBP”writes the developer. Disclosing the code for HIBP is the obvious way to do this. In this way, the practical foundations of the service would be passed into the hands of other people and the service could be maintained over the long term – regardless of what happens to his person.
The security researcher also points out that it has always been his intention to be completely open with the design of HIBP. There was never any kind of secret recipe behind the service that he wanted to hide. With the disclosure, Hunt hopes above all more transparency and thus more trust in the service. However, disclosure is not that easy to do. That is why Hunt wants to gradually decide on certain parts that should then be available as open source.