Have I Been Pwned will finally open source its code base
Have I Been Pwned is unquestionably the best way to discover if your email address has been leaked in a data breach. The site can also check any passwords you use to see if they appear on the web and it can be fun entering some common choices to reveal how often they’ve been leaked. "Password", for example, has appeared in data breaches 3.7 million times, while "123456" crops up a whopping 23.5 million times.
The service is used in numerous third-party tools too, including Spybot Identity Monitor and 1Password. Have I Been Pwned is the work of Troy Hunt, and after failing to sell it earlier in the year, he has decided to take the step of opening source the code base in a quest for a more sustainable future.
Writing on his blog, Hunt says:
I've been giving a great deal of thought to how I want this project to evolve lately, especially in the wake of the M&A process that ended earlier this year right back where I'd started: with me being solely responsible for everything. The single most important objective of that process was to seek a more sustainable future for HIBP and that desire hasn't changed; the project cannot be solely dependent on me. Yet that's where we are today and if I disappear, HIBP quickly withers and dies.
As I've given further thought to the future since the M&A process, the significance of community contributions has really hit home. Every single byte of data that's been loaded into the system in recent years has come from someone who freely offered it in order to improve the security landscape for everyone. Many of the services that HIBP runs on are provided free by the likes of Cloudflare. Much of the code that's been written has drawn on community contributions either by virtue of content people have published publicly or support that's been provided to me directly.
Further explaining why he wants to open source the code base, Hunt explains: "It takes the nuts and bolts of HIBP and puts them in the hands of people who can help sustain the service regardless of what happens to me."
The idea of open sourcing Have I Been Pwned is far from new, but it’s good to see Hunt finally taking the step that a lot of people have viewed as inevitable for a long time.