
GitHub & Hackers: Numbers, Plans


By Esme Greene

Sep 9, 2023

GitHub, a hub for software developers, has released its Security Bug Bounty program’s ninth-year report, showcasing its dedication to cybersecurity.

GitHub’s Bounty Triumph: Boosting Cybersecurity

Launched in 2014, GitHub’s program enlists independent researchers and ethical hackers to uncover and report vulnerabilities in its products, rewarding them monetarily. This collaboration fortifies GitHub’s commitment to safeguarding users from cyber threats.

In 2022, the program achieved remarkable success, evident in these figures:

  • A total payout of $1,576,364 for 364 identified vulnerabilities, elevating the cumulative payout to $3,839,287 since 2016.
  • The evaluation of 2,042 potential vulnerability submissions, with 52% confirmed as valid.
  • A partnership with HackerOne for a vulnerability hunt event, uniting 45 hackers from 19 countries in Austin in June 2022.
  • Introduction of a gift store granting program participants branded rewards as bonuses for their contributions.
  • A 21% surge in program participants and a 58% rise in reports from newcomers.

A notable addition to the program was the partial disclosure of vulnerabilities that received a CVE (Common Vulnerabilities and Exposures) designation, enhancing transparency. GitHub now discloses select details about vulnerabilities in GitHub Enterprise Server (GHES) and open-source projects. Future plans include disclosing more reports through HackerOne.

GitHub encourages seasoned developers to actively engage in the Security Bug Bounty program, hinting at special events and conferences for its upcoming 10th anniversary. The program’s continuous evolution underlines GitHub’s steadfast commitment to cybersecurity.

 