Vulnerability Management

GitHub announces bug bounty program

Popular source code sharing website GitHub has announced its new bug bounty program, enticing researchers to find vulnerabilities in its products and services.

According to a blog post by Shawn Davenport of GitHub's engineering team, those interested in the program will have a chance to earn anywhere from $100 to $5,000 depending on the severity of the bug discovered.

“If you find a reflected XSS that is only possible in Opera, which is < 2% of our traffic, then the severity and reward will be lower. But a persistent XSS that works in Chrome, which accounts for > 60% of our traffic, will earn a much larger reward,” Davenport wrote.

Not all of GitHub's products and services are open to the new initiative; however, the company plans to expand the list once the program picks up among the researcher community.
