GitHub’s revamped VIP Bug Bounty Program
GitHub’s VIP Bug Bounty Program has been updated to include clear and accessible criteria for receiving an invitation to the program, and more. Learn more about the program and how you can become a Hacktocat, and join our community of researchers who are contributing to GitHub’s security with fun perks and access to staff and beta features!
GitHub’s bug bounty team has had an exciting start to the year. We launched our very own swag store, allowing researchers to earn exclusive bug bounty branded swag as a bonus perk to their earned bounty reward, and held two private beta feature engagements, which brought us great findings by our VIP researchers!
The addition of the swag store came from many conversations and feedback on how we can continue to improve our bug bounty program. These conversations also inspired us to revamp our VIP program, a private program that has been operating for five years, where we privately invite researchers to gain exclusive access based on their contributions in securing GitHub. This revamp includes establishing clearer and more accessible criteria for receiving an invite to join the VIP program as a Hacktocat, more access to beta features, exclusive VIP-only swag, access to engineering and security Hubbers, and more! Let’s break it down.
How can one receive an invite?
A Hacktocat is someone who has consistently contributed to improving the security of GitHub through high-impact, credible reports via our bug bounty program. To receive an invite, a researcher must have:
- Earned at least $20,000 on our program.
- Submitted at least two reports in the last two years.
What are the perks?
Researchers who meet the above criteria unlock an invitation to work directly with GitHub staff and other researchers, which gives them more opportunity to learn and to build familiarity and understanding across our range of products and features. Specifically, our Hacktocats within the VIP program have direct access to:
- Many beta products and features before they roll out publicly
- GitHub Bug Bounty staff and engineers who are behind the beta features they’re getting access to 😄
- Exclusive Hacktocat swag
Our partnership with talented security researchers from across the community is pivotal in running a successful bug bounty program, so we thank all who continue to support and participate in our program. Your submissions are greatly valued and impactful to ensuring the safety and security of our products, our users, and the community, and we are excited to introduce even more incentives.
For more details regarding the program’s scope, rules, and rewards, please visit our website! We look forward to seeing more Hacktocats join the program.