GitHub Launches Bug Bounty Program, Calls All ‘Bounty Hunters’ For A Challenge and Cash!
Gabriel Roşu / 5 years ago
GitHub has launched its GitHub Bug Bounty, a program aimed to help security researchers in finding bugs and flaws in system. The company is reportedly willing to pay between $100 and $5,000 for each security vulnerability discovered and responsibly disclosed by hackers.
Only the GitHub API, GitHub Gist, and GitHub.com. GitHub are available for the above mentioned program, but the company says its other Web properties and applications are not part of the program though vulnerabilities found “may receive a cash reward at our discretion.”, as they pointed out.
The amount of money given for bugs and flaws is said to be “based on actual risk and potential impact to our users.” Meaning, the bigger the potential scope and the bigger the severity of the issue, the larger the payout.
“If you find a reflected XSS that is only possible in Opera, which is < 2% of our traffic, then the severity and reward will be lower. But a persistent XSS that works in Chrome, which accounts for > 60% of our traffic, will earn a much larger reward.” GitHub gave as an example.
Even spotting a very low-level bug is worth disclosing for the extra cash. Not only are you getting paid for your hard work, but you’re making the Web safer in the long-run. Bug bounty programs are becoming more and more popular because they work. The damages caused by exploited bugs are much greater than simply paying security researchers for finding them first.