Kicking off Cybersecurity Awareness Month: Researcher spotlights and additional incentives!
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!
Cybersecurity Awareness Month is a global initiative that highlights the importance of protecting our digital work. At GitHub, security is the core of how we operate. We’re proud to participate and demonstrate our commitment to safeguarding our customer’s data. As such, GitHub’s Bug Bounty team is excited to celebrate the Cybersecurity Awareness Month this year with some additional incentives for security researchers! This includes:
- Bonuses for new and existing researchers.
- Bonus for providing Nuclei template for reproductions and fix verifications.
- Spotlight on a few of the talented security researchers who participate in the GitHub Security Bug Bounty Program.
Bonuses for new and existing researchers
For the month of October:
- A new hacker to our program will receive an additional 20% bonus on their highest severity valid submission.
- For returning hackers, we are offering an additional 10% bonus on their highest severity valid submission.
Note: these bonuses will only apply to (1) submission per researcher.
Bonus for providing Nuclei templates
A valid report that also contains a functional Nuclei template that we can use to both reproduce the report and verify that it is fixed will receive an additional 5% bonus. To learn more about Nuclei, please visit this documentation.
Researcher’s spotlight
Every year, we like to spotlight researchers who are participating in our program and learn more about them. In these interviews, we learn about their hunting methodology, interests, and more.
To read more about our previous spotlights, please check out:
- Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
- Cybersecurity spotlight on bug bounty researcher @yvvdwf
- Cybersecurity spotlight on bug bounty researcher @ahacker1
- Cybersecurity spotlight on bug bounty researcher @inspector-ambitious
- Cybersecurity spotlight on bug bounty researcher @Ammar Askar
Stay tuned for more researcher spotlights this coming month!
Each submission to our bug bounty program is a chance to make GitHub, our products, the developer community, and our customers more secure, and we’re thrilled with the ongoing collaboration to make GitHub better for everyone with the help of your skills. If you are interested in participating, visit our website for details of the program’s scope, rules, and rewards.
Tags:
Written by
Related posts
Securing the open source supply chain across GitHub
Recent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on.
A year of open source vulnerability trends: CVEs, advisories, and malware
Reviewed advisories hit a four-year low, malware advisories surged, and CNA publishing grew—here’s what changed and what it means for your triage and response.
GitHub expands application security coverage with AI‑powered detections
CodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks.