Kicking off Cybersecurity Awareness Month: Researcher spotlights and additional incentives!
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!
Cybersecurity Awareness Month is a global initiative that highlights the importance of protecting our digital work. At GitHub, security is the core of how we operate. We’re proud to participate and demonstrate our commitment to safeguarding our customer’s data. As such, GitHub’s Bug Bounty team is excited to celebrate the Cybersecurity Awareness Month this year with some additional incentives for security researchers! This includes:
- Bonuses for new and existing researchers.
- Bonus for providing Nuclei template for reproductions and fix verifications.
- Spotlight on a few of the talented security researchers who participate in the GitHub Security Bug Bounty Program.
Bonuses for new and existing researchers
For the month of October:
- A new hacker to our program will receive an additional 20% bonus on their highest severity valid submission.
- For returning hackers, we are offering an additional 10% bonus on their highest severity valid submission.
Note: these bonuses will only apply to (1) submission per researcher.
Bonus for providing Nuclei templates
A valid report that also contains a functional Nuclei template that we can use to both reproduce the report and verify that it is fixed will receive an additional 5% bonus. To learn more about Nuclei, please visit this documentation.
Researcher’s spotlight
Every year, we like to spotlight researchers who are participating in our program and learn more about them. In these interviews, we learn about their hunting methodology, interests, and more.
To read more about our previous spotlights, please check out:
- Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
- Cybersecurity spotlight on bug bounty researcher @yvvdwf
- Cybersecurity spotlight on bug bounty researcher @ahacker1
- Cybersecurity spotlight on bug bounty researcher @inspector-ambitious
- Cybersecurity spotlight on bug bounty researcher @Ammar Askar
Stay tuned for more researcher spotlights this coming month!
Each submission to our bug bounty program is a chance to make GitHub, our products, the developer community, and our customers more secure, and we’re thrilled with the ongoing collaboration to make GitHub better for everyone with the help of your skills. If you are interested in participating, visit our website for details of the program’s scope, rules, and rewards.
Tags:
Written by
Related posts
From object transition to RCE in the Chrome renderer
In this post, I’ll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
Configure GitHub Artifact Attestations for secure cloud-native delivery
Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images.
3 ways to get Remote Code Execution in Kafka UI
In this blog post, we’ll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.