Learn more about the Bug Bounty program, including a recap of 2019’s bugs, our expanded scope, new features, and more.
Mar 25, 2020
Blog posts about Bug Bounty
11 post(s)
Newest
Read about some big changes for the coming year: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.
Feb 19, 2019
Last month GitHub celebrated the fourth year of our Security Bug Bounty program. As we’ve done in the past, we’re sharing some details and highlights from 2017 and looking ahead to where we see the
Mar 14, 2018
Coinbase loves bug bounties. We think they fundamentally change the economics of vulnerability reporting. Instead of a researcher facing a…
Oct 18, 2017
We’re coming up on four years since the Bug Bounty program was first announced. A lot has changed in that time, and we constantly try to keep our reward structure inline with top security bug
Oct 18, 2017
In honor of our Bug Bounty Program’s third birthday, we kicked off a promotional bounty period in January and February. In addition to bonus payouts, the scope of the bug bounty was expanded to include
Mar 14, 2017
Last month, we announced the third anniversary of our Bug Bounty Program. While there’s still time to disclose your findings through the program, we wanted to pull back the curtain and give you a glimpse
Feb 22, 2017
The GitHub Bug Bounty Program is turning three years old. To celebrate, we’re offering bigger bounties for the most severe bugs found in January and February. The bigger the bug, the bigger the prize The
Jan 9, 2017
Despite the best efforts of its writers, software has vulnerabilities, and GitHub is no exception. Finding, fixing, and learning from past bugs is a critical part of keeping our users and their data safe on
Feb 4, 2016
One of the best ways we protect our members is by identifying vulnerabilities prior to launch through a careful design review and pre-release testing. In t...
Jun 17, 2015
It’s already been a year since we launched the GitHub Security Bug Bounty, and, thanks to bug reports from researchers across the globe, 73 previously unknown security vulnerabilities in our applications have been identified and
Jan 28, 2015