GitHub expanded the scope and increased the rewards of its bug bounty program
GitHub today announced the expansion of its bug bounty program and removed the upper limit on rewards. The code-hosting site, affiliated with Microsoft, announced an increase in award amounts and added a Legal Safe Harbor clause to the policy. GitHub also revealed that in 2018 it paid out a total of more than $250,000 through its public bounty program, research grants, private bug bounty programs, and a live-hacking event, of which $165,000 was paid to security researchers through the public bounty program.
GitHub launched the Bug Bounty Program in January 2014. Its scale has grown over the past five years, and the upper limit of the bounty has been increasing. Today GitHub announced a further expansion of the bug bounty scope, which now covers all official services hosted under the github.com domain (GitHub Education, GitHub Learning Lab, GitHub Jobs, and GitHub Desktop), Enterprise Cloud, and all official services under the corporate employee domains githubapp.com and github.net.
GitHub has also increased the bounty amounts for each vulnerability severity level. The specific adjustments are as follows:
- Critical: $20,000 – $30,000+
- High: $10,000 – $20,000
- Medium: $4,000 – $10,000
- Low: $617 – $2,000