Rotating credentials for GitHub.com and new GHES patches
The GitHub Blog » Bug Bounty
by Jacob DePriest
5M ago
On December 26, 2023, GitHub received a report through our Bug Bounty Program demonstrating a vulnerability which, if exploited, allowed access to credentials within a production container. We fixed this vulnerability on GitHub.com the same day and began rotating all potentially exposed credentials. After running a full investigation, we assess with high confidence, based on the uniqueness of this issue and analysis of our telemetry and logging, that this vulnerability has not been previously found and exploited. While we are confident the impact was isolated to the bug bounty researcher, our ..read more
Visit website
Cybersecurity spotlight on bug bounty researcher @Ammar Askar
The GitHub Blog » Bug Bounty
by Shilpa Kumari
8M ago
The GitHub bug bounty team is excited to close out Cybersecurity Awareness Month with another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program, @Ammar Askar! As home to over 100 million developers and 372 million repositories, GitHub maintains a strong dedication to ensuring the security and reliability of the code that powers daily development activities. GitHub’s Bug Bounty Program continues to play a pivotal role in advancing the security of the software ecosystem, empowering developers to create and build confidently on our platform and ..read more
Visit website
Cybersecurity spotlight on bug bounty researcher @inspector-ambitious
The GitHub Blog » Bug Bounty
by Shilpa Kumari
9M ago
As we kick off Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the top performing security researchers who participates in the GitHub Security Bug Bounty Program, @inspector-ambitious! As home to over 100 million developers and 372 million repositories, GitHub maintains a strong dedication to ensuring the security and reliability of the code that powers daily development activities. GitHub’s Bug Bounty Program continues to play a pivotal role in advancing the security of the software ecosystem, empowering developers to create and build confidently on ou ..read more
Visit website
GitHub’s revamped VIP Bug Bounty Program
The GitHub Blog » Bug Bounty
by Jeff Guerra
1y ago
GitHub’s bug bounty team has had an exciting start to the year. We launched our very own swag store, allowing researchers to earn exclusive bug bounty branded swag as a bonus perk to their earned bounty reward, and held two private beta feature engagements, which brought us great findings by our VIP researchers! The addition of the swag store came from many conversations and feedback on how we can continue to improve our bug bounty program.In these conversations, we also were inspired to revamp our VIP program, a private program that has been operating for five years, where we privately invite ..read more
Visit website
Introducing the GitHub Bug Bounty swag store
The GitHub Blog » Bug Bounty
by Jill Moné-Corallo
1y ago
Our bug bounty team has had an exciting year, including celebrating the eighth year of our program, hosting a live hacking event in June, spotlighting one of our hackers for cybersecurity awareness month, and spending more time with our community at events such as DEFCON 30. Along the way, we have captured feedback from participants in our program, and we are very excited to announce that we are introducing our very own swag store! The addition of the swag store comes from many conversations and feedback on how we can continue to improve our bug bounty program. We learned that not only do our ..read more
Visit website
Cybersecurity spotlight on bug bounty researcher @ahacker1
The GitHub Blog » Bug Bounty
by Logan MacLaren
1y ago
As the home to more than 90 million developers, GitHub is heavily invested in ensuring that the code developers build and use daily is trusted and secure. Our bug bounty team is continually focused on driving improvements as to how GitHub develops secure software, to enable developers on our platform to innovate more confidently than ever before. Since its launch in 2014, GitHub’s Bug Bounty program has amplified our ability to ship secure products beyond what we could have achieved without the help of our external security researchers. We have continued to grow and expand our bug bounty progr ..read more
Visit website
Eight years of the GitHub Security Bug Bounty program
The GitHub Blog » Bug Bounty
by Jill Moné-Corallo
1y ago
GitHub celebrated yet another record breaking year for our Security Bug Bounty Program in 2021! We’re excited to announce that we recently passed $2,000,000 in total payments to researchers, just two years after we crossed the $1,000,000 mark in 2019. Within the last year, we have paid out over $800,000 in total bounty rewards across our programs. We believe the foundation of a successful security bug bounty program is the partnership with talented security researchers from across the community, so we thank all who have participated in our bounty program this past year and years prior. Securit ..read more
Visit website
Cybersecurity spotlight on bug bounty researcher @yvvdwf
The GitHub Blog » Bug Bounty
by Jeff Guerra
1y ago
The GitHub bug bounty team is excited to close out Cybersecurity Awareness Month with another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program. Security is core to GitHub’s mission, and our bug bounty team is focused on driving improvements as to how GitHub develops secure software. Since its launch in 2014, GitHub’s Bug Bounty Program and the external security researchers who participate have amplified our ability to ship secure products. The program has also consistently been named a top bug bounty program by researchers. In the past year ..read more
Visit website
Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
The GitHub Blog » Bug Bounty
by Jill Moné-Corallo
1y ago
The GitHub bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two talented security researchers who participate in the GitHub Security Bug Bounty Program. Security is core to GitHub’s mission, and our bug bounty team is continually focused on driving improvements as to how GitHub develops secure software. Since its launch in 2014, GitHub’s Bug Bounty program has amplified our ability to ship secure products beyond what we could have achieved without the help of our external security researchers. It’s also consistently been named a top bug bounty program by ..read more
Visit website
Seven years of the GitHub Security Bug Bounty program
The GitHub Blog » Bug Bounty
by Greg Ose
1y ago
Security is core to GitHub’s mission and our Product Security Engineering team is focused on continuously driving improvements to how GitHub develops secure software. One key component of GitHub’s security development lifecycle is our partnership with security researchers and the bug bounty community through the GitHub Security Bug Bounty Program. Launched in 2014, this program and our researchers have amplified our ability to ship secure products beyond what we could have achieved as an independent team at GitHub. Now in its seventh year, GitHub’s bug bounty program is a mature and reliable c ..read more
Visit website

Follow The GitHub Blog » Bug Bounty on FeedSpot

Continue with Google
Continue with Apple
OR