Rotating credentials for GitHub.com and new GHES patches
The GitHub Blog » Bug Bounty
by Jacob DePriest
4M ago
On December 26, 2023, GitHub received a report through our Bug Bounty Program demonstrating a vulnerability which, if exploited, allowed access to credentials within a production container. We fixed this vulnerability on GitHub.com the same day and began rotating all potentially exposed credentials. After running a full investigation, we assess with high confidence, based on the uniqueness of this issue and analysis of our telemetry and logging, that this vulnerability has not been previously found and exploited. While we are confident the impact was isolated to the bug bounty researcher, our ..read more
Cybersecurity spotlight on bug bounty researcher @Ammar Askar
The GitHub Blog » Bug Bounty
by Shilpa Kumari
7M ago
The GitHub bug bounty team is excited to close out Cybersecurity Awareness Month with another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program, @Ammar Askar! As home to over 100 million developers and 372 million repositories, GitHub maintains a strong dedication to ensuring the security and reliability of the code that powers daily development activities. GitHub’s Bug Bounty Program continues to play a pivotal role in advancing the security of the software ecosystem, empowering developers to create and build confidently on our platform and ..read more
Cybersecurity spotlight on bug bounty researcher @inspector-ambitious
The GitHub Blog » Bug Bounty
by Shilpa Kumari
8M ago
As we kick off Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the top performing security researchers who participates in the GitHub Security Bug Bounty Program, @inspector-ambitious! As home to over 100 million developers and 372 million repositories, GitHub maintains a strong dedication to ensuring the security and reliability of the code that powers daily development activities. GitHub’s Bug Bounty Program continues to play a pivotal role in advancing the security of the software ecosystem, empowering developers to create and build confidently on ou ..read more
GitHub’s revamped VIP Bug Bounty Program
The GitHub Blog » Bug Bounty
by Jeff Guerra
1y ago
GitHub’s bug bounty team has had an exciting start to the year. We launched our very own swag store, allowing researchers to earn exclusive bug bounty branded swag as a bonus perk to their earned bounty reward, and held two private beta feature engagements, which brought us great findings by our VIP researchers! The addition of the swag store came from many conversations and feedback on how we can continue to improve our bug bounty program. In these conversations, we also were inspired to revamp our VIP program, a private program that has been operating for five years, where we privately invite ..read more
Introducing the GitHub Bug Bounty swag store
The GitHub Blog » Bug Bounty
by Jill Moné-Corallo
1y ago
Our bug bounty team has had an exciting year, including celebrating the eighth year of our program, hosting a live hacking event in June, spotlighting one of our hackers for cybersecurity awareness month, and spending more time with our community at events such as DEFCON 30. Along the way, we have captured feedback from participants in our program, and we are very excited to announce that we are introducing our very own swag store! The addition of the swag store comes from many conversations and feedback on how we can continue to improve our bug bounty program. We learned that not only do our ..read more
Cybersecurity spotlight on bug bounty researcher @ahacker1
The GitHub Blog » Bug Bounty
by Logan MacLaren
1y ago
As the home to more than 90 million developers, GitHub is heavily invested in ensuring that the code developers build and use daily is trusted and secure. Our bug bounty team is continually focused on driving improvements as to how GitHub develops secure software, to enable developers on our platform to innovate more confidently than ever before. Since its launch in 2014, GitHub’s Bug Bounty program has amplified our ability to ship secure products beyond what we could have achieved without the help of our external security researchers. We have continued to grow and expand our bug bounty progr ..read more
Eight years of the GitHub Security Bug Bounty program
The GitHub Blog » Bug Bounty
by Jill Moné-Corallo
1y ago
GitHub celebrated yet another record breaking year for our Security Bug Bounty Program in 2021! We’re excited to announce that we recently passed $2,000,000 in total payments to researchers, just two years after we crossed the $1,000,000 mark in 2019. Within the last year, we have paid out over $800,000 in total bounty rewards across our programs. We believe the foundation of a successful security bug bounty program is the partnership with talented security researchers from across the community, so we thank all who have participated in our bounty program this past year and years prior. Securit ..read more
Cybersecurity spotlight on bug bounty researcher @yvvdwf
The GitHub Blog » Bug Bounty
by Jeff Guerra
1y ago
The GitHub bug bounty team is excited to close out Cybersecurity Awareness Month with another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program. Security is core to GitHub’s mission, and our bug bounty team is focused on driving improvements as to how GitHub develops secure software. Since its launch in 2014, GitHub’s Bug Bounty Program and the external security researchers who participate have amplified our ability to ship secure products. The program has also consistently been named a top bug bounty program by researchers. In the past year ..read more
Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
The GitHub Blog » Bug Bounty
by Jill Moné-Corallo
1y ago
The GitHub bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two talented security researchers who participate in the GitHub Security Bug Bounty Program. Security is core to GitHub’s mission, and our bug bounty team is continually focused on driving improvements as to how GitHub develops secure software. Since its launch in 2014, GitHub’s Bug Bounty program has amplified our ability to ship secure products beyond what we could have achieved without the help of our external security researchers. It’s also consistently been named a top bug bounty program by ..read more
Seven years of the GitHub Security Bug Bounty program
The GitHub Blog » Bug Bounty
by Greg Ose
1y ago
Security is core to GitHub’s mission and our Product Security Engineering team is focused on continuously driving improvements to how GitHub develops secure software. One key component of GitHub’s security development lifecycle is our partnership with security researchers and the bug bounty community through the GitHub Security Bug Bounty Program. Launched in 2014, this program and our researchers have amplified our ability to ship secure products beyond what we could have achieved as an independent team at GitHub. Now in its seventh year, GitHub’s bug bounty program is a mature and reliable c ..read more