10 years of the GitHub Security Bug Bounty Program
Discription

Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10 years, the goals of our program have not changed. The idea is simple: hackers and security researchers find and report vulnerabilities through our responsible disclosure process. Then, to recognize the significant effort that these researchers often put forth when hunting down bugs, we reward them with some cold hard cash. Let's take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program. In 2014, we launched the program to better engage with security researchers. Here's what we said at the time, which still rings true today: Our users' trust is something we never take for granted here at GitHub. In order to earn and keep that trust we are always working to improve the security of our services. Some vulnerabilities, however, can be very hard to track down and it never hurts to have more eyes. At launch, the bug bounty program was focused on a subset of our products and services, but over time we've expanded the scope (more on that below!). After two years of hosting the program through a homegrown email-based system, we moved to HackerOne in 2016. We boosted payouts in 2017 and participated in Hack the World in 2017, rewarding hackers with…Read More

Back to Main

Subscribe for the latest news: