Kicking off Cybersecurity Awareness Month 2025: Researcher Spotlights and Enhanced Incentives
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!

October marks Cybersecurity Awareness Month, a time when the developer community reflects on the importance of security in the evolving digital landscape. At GitHub, we understand that protecting the global software ecosystem relies on the commitment, skill, and ingenuity of the security research community. We are proud to uphold our tradition of honoring this month by showcasing the essential work of researchers and introducing new opportunities to recognize your contributions. This includes:
- Additional incentives for valid submissions belonging to specific features.
- Spotlights on a few of the talented security researchers who participate in GitHub’s Bug Bounty program.
Additional incentives for submissions belonging to specific features
For the month of October 2025, we are introducing an additional 10% bonus on all eligible valid vulnerability submissions in the Copilot Coding Agent, GitHub Spark, and Copilot Spaces features.
- Eligibility: Ensure your report clearly mentions how the vulnerability is associated with Copilot Coding Agent, GitHub Spark, or Copilot Spaces.
- Period: October 1–31, 2025
2025 Glass Firewall Conference: Breaking Bytes and Barriers
GitHub, in partnership with Capital One, Salesforce, and HackerOne, is hosting the Glass Firewall Conference, an exclusive event for women interested in security research and cybersecurity. Our goal is to empower and support women in pursuing ethical hacking and security testing, whether as a career or a hobby. We strive to create a welcoming environment where women can explore ethical hacking together, and to provide foundational knowledge to help them get started. Learn more and RSVP.
Researcher’s spotlight
Each year, we take the opportunity to highlight researchers who contribute to our program and share their unique experiences. Through these interviews, we gain insights into their security research approaches, interests, and journeys.
Explore our previous researcher spotlights:
- Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
- Cybersecurity spotlight on bug bounty researcher @yvvdwf
- Cybersecurity spotlight on bug bounty researcher @ahacker1
- Cybersecurity spotlight on bug bounty researcher @inspector-ambitious
- Cybersecurity spotlight on bug bounty researcher @Ammar Askar
- Cybersecurity spotlight on bug bounty researcher @adrianoapj
- Cybersecurity spotlight on bug bounty researcher @imrerad
Stay tuned for more researcher spotlights this coming month!
Each submission to our Bug Bounty program is a chance to make GitHub, our products, the developer community, and our customers more secure, and we’re thrilled with the ongoing collaboration to make GitHub better for everyone with the help of your skills. If you are interested in participating, visit our website for details of the program’s scope, rules, and rewards.