Codebase of Have I Been Pwned will eventually become open source

The Have I Been Pwned codebase will eventually be made open source. Founder Troy Hunt reports this. Have I Been Pwned is a search engine that allows users to check whether their email addresses are involved in a data breach.

Troy Hunt writes in a blog post that the decision to make the codebase open source had been around for some time. The codebase is not made open source all at once, Hunt reports. “Have I Been Pwned isn’t able to change visibility in GitHub all at once, but it has to get there.”

For the time being, Hunt chooses to publish ‘the right parts of the codebase at the right time’. In time, all possible code must be public. The data from data leaks that Have I been Pwned possesses and the way in which they are dealt with are not so much made public. This is partly due to legal and privacy considerations.

Hunt mentions several reasons for making the code open source. In this way he wants to be ‘as transparent as possible’ about the design of the service. The developer also hopes to solve the concerns of some users, among other things. For example, people wondered whether searches through Have I Been Pwned were saved to build a database of email addresses, Hunt writes. “I don’t, but right now that statement boils down to ‘trust me’.” By making the code public, people can verify this themselves.

Hunt also hopes that other people can now help maintain the project so that it doesn’t depend on him alone. Hunt also reports that maintaining the website takes him a lot of time and that he needs help with this. For this reason, Hunt initially sought a buyer for the website, but that search was discontinued earlier this year. By making the code public, Hunt hopes the community can help maintain the data breach search engine, such as fixing bugs and implementing new ideas.