GitHub’s revamped VIP Bug Bounty Program
GitHub’s VIP Bug Bounty Program has been updated to include a clear and accessible criteria for receiving an invitation to the program and more. Learn more about the program and how you can become a Hacktocat, and join our community of researchers who are contributing to GitHub’s security with fun perks and access to staff and beta features!
GitHub’s bug bounty team has had an exciting start to the year. We launched our very own swag store, allowing researchers to earn exclusive bug bounty branded swag as a bonus perk to their earned bounty reward, and held two private beta feature engagements, which brought us great findings by our VIP researchers!
The addition of the swag store came from many conversations and feedback on how we can continue to improve our bug bounty program. In these conversations, we also were inspired to revamp our VIP program, a private program that has been operating for five years, where we privately invite researchers to gain exclusive access based on their contributions in securing GitHub. This revamp includes establishing clearer and more accessible criteria for receiving an invite to join the VIP program as a Hacktocat, more access to beta features, exclusive VIP-only swag, access to engineering and security Hubbers, and more! Let’s break it down.
How can one receive an invite?
A Hacktocat is someone who has consistently contributed to improving the security of GitHub through high-impact, credible reports via our bug bounty program. To receive an invite, a researcher must have:
- Earned at least $20,000 on our program.
- Submitted at least two reports in the last two years.
What are the perks?
Researchers who meet the above criteria unlock an invitation to work directly with GitHub staff, and other researchers, increasing the learning opportunity for more familiarity and understanding across our range of products and features. Specifically, our Hacktocats within the VIP program have direct access to:
- Many beta products and features before they roll out publicly
- GitHub Bug Bounty staff and engineers who are behind the beta features they’re getting access to 😄
- Exclusive Hacktocat swag
Our partnership with talented security researchers from across the community is pivotal in running a successful bug bounty program, so we thank all who continue to support and participate in our program. Your submissions are greatly valued and impactful to ensuring the safety and security of our products, our users, and the community, and we are excited to introduce even more incentives.
For more details regarding the program’s scope, rules, and rewards please visit our website! We look forward to seeing more Hacktocats join the program.
Tags:
Written by
Related posts
How GitHub uses CodeQL to secure GitHub
How GitHub’s Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.
From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA
The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.
Cybersecurity researchers: Digital detectives in a connected world
Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world.