After a failed attempt at a sale, Have I Been Pwned (HIBP) founder Troy Hunt decided to open source the code base for the sprawling database, which has become unwieldy for his singular stewardship.
Hunt said the HIPB website, which since 2013 has allowed internet users to check if their data has been compromised and by whom, outgrew his one-person operation and that sharing the responsible with its community of users made the most sense.
“The project cannot be solely dependent on me. Yet that’s where we are today and if I disappear, HIBP quickly withers and dies,” Hunt wrote in a blog post.
Security professionals applauded the move to open source.
“The ‘Have I Been Pwned’ site provides a valuable service to end-users domain administrators worldwide,” said Gurucul CTO Nilesh Dherange, adding given the scale of the project, it’s understandable that Hunt would look for a larger organization to take on the project.
“It’s good to see him shift the project to an Open Source model,” said Dherange, who explained that the OSS (operations support system) community has a history of supporting robust security projects and responding rapidly when vulnerabilities crop up.
Ilia Kolochenko, founder and CEO of ImmuniWeb, credited Hunt with improving the “modern internet by attracting everyone’s attention to the skyrocketing problem of data breaches and leaks affecting everyone in our society.”
Kolochenko cited the Open Bug Bounty project as a community-based precedent achieving more success than many commercial crowd-security testing companies.
"It’s still a bit unclear who within the emerging HITB community will have access to the data of billions of stolen credentials and for which purposes,” he said. In some states, such access may be unlawful and criminally punishable under a fairly broad spectrum of circumstances.