GitHub Paid $4,000,000 In Rewards For Bug Bounty Program

by Esmeralda McKenzie

GitHub, the world’s leading software development platform, is celebrating a milestone: the 10th anniversary of its Security Bug Bounty program.

Over the last decade, the program has not only enhanced the security of GitHub’s services but also rewarded security researchers with a staggering $4 million in total payouts.


A Decade of Milestones

Launched in 2014, the GitHub Security Bug Bounty program was designed to engage with security researchers to identify and report vulnerabilities through a responsible disclosure process.

The program’s primary goal has always been to improve the security of GitHub’s services while recognizing the efforts of researchers with financial rewards.

  • 2014: The program started, focusing on a subset of GitHub’s services.
  • GitHub emphasized the importance of user trust and the need for additional eyes to track down elusive vulnerabilities.
  • 2016: After two years of using a homegrown email-based system, GitHub transitioned to HackerOne, a leading bug bounty platform, to streamline the process.
  • 2017: GitHub boosted payouts and took part in the Hack the World tournament, offering double reputation points on HackerOne for bugs found on GitHub.
  • 2018: The introduction of the Legal Safe Harbor policy provided greater protection for researchers, removing potential legal barriers and encouraging more participation.
  • 2019: The program saw a 40% increase in submissions and expanded its scope to include more products, such as GitHub Actions and GitHub Mobile.
  • 2020: GitHub’s program was ranked in HackerOne’s top ten bounty programs based on cumulative bounties awarded, time to bounty, and the number of resolved vulnerability reports.
  • 2021: GitHub matched over $64,000 in donations from researchers, supporting charities such as Cancer Research UK and the Greater Pittsburgh Community Food Bank.
  • 2022: The launch of the GitHub Bug Bounty swag store allowed researchers to get merchandise like T-shirts, water bottles, and financial rewards.
  • 2023: GitHub paid out its highest single reward to date, $75,000, and surpassed $4 million in total rewards.

The 2023 Year in Review

In 2023, GitHub focused on increasing transparency, expanding its public and private programs, and growing its community presence.

Increasing Transparency:

GitHub worked on understanding common feedback themes and implemented changes to ensure clear and detailed responses to researchers.

Introducing limited disclosure of reports on HackerOne was an important step towards transparency.

Expanding Programs:

GitHub ran several private bounty engagements with its VIP program participants, often known as Hacktocats.

These engagements included testing new features like PATs v2 via GraphQL and GitHub Copilot Chat.

The public program also saw real growth, with new products and features frequently added to the scope.

[Figures: Highest Award Value; Total Paid per Year]

Community Presence:

GitHub’s bounty team attended conferences across the United States, Canada, and Argentina, presenting on relevant topics and hosting meetups.

Notable presentations included “Life of a Bug” at BSides SF and “Building a Colossal Bounty Program” at DEFCON.

GitHub also partnered with Capital One and HackerOne to create Glass Firewall, a conference aimed at increasing the representation of women in security.

As GitHub celebrates this milestone, the company remains committed to improving the security of its services and supporting the research community.

With plans to further improve transparency, grow its programs, and expand community engagement, GitHub’s Bug Bounty program is poised for continued success in the coming years.

GitHub’s commitment to security and collaborative approach with the research community has set a high standard in the industry.

As the program enters its second decade, the future looks promising for both GitHub and the global community of security researchers.

Source credit: cybersecuritynews.com
