bug bounty

Learn more about the Bug Bounty program, including a recap of 2019’s bugs, our expanded scope, new features, and more.

Read about some big changes for the coming year: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.

Last month GitHub celebrated the fourth year of our Security Bug Bounty program. As we’ve done in the past, we’re sharing some details and highlights from 2017 and looking ahead…

We’re coming up on four years since the Bug Bounty program was first announced. A lot has changed in that time, and we constantly try to keep our reward structure…

A little over three years ago, we launched our Security Bug Bounty Program, a way to reward security researchers who help make GitHub more secure by reporting vulnerabilities in our…

In honor of our Bug Bounty Program’s third birthday, we kicked off a promotional bounty period in January and February. In addition to bonus payouts, the scope of the bug…

Last month, we announced the third anniversary of our Bug Bounty Program. While there’s still time to disclose your findings through the program, we wanted to pull back the curtain…

The GitHub Bug Bounty Program is turning three years old. To celebrate, we’re offering bigger bounties for the most severe bugs found in January and February. The bigger the bug,…

Despite the best efforts of its writers, software has vulnerabilities, and GitHub is no exception. Finding, fixing, and learning from past bugs is a critical part of keeping our users…

It’s already been a year since we launched the GitHub Security Bug Bounty, and, thanks to bug reports from researchers across the globe, 73 previously unknown security vulnerabilities in our…

Our users’ trust is something we never take for granted here at GitHub. In order to earn and keep that trust we are always working to improve the security of…