GitHub, the software development platform, has published a report on the ninth year of its vulnerability-hunting incentive program, the Security Bug Bounty.
The GitHub bug bounty program was launched in 2014. It lets independent researchers and ethical hackers identify and report vulnerabilities in GitHub products and services in exchange for monetary rewards. This collaboration with security experts is intended to protect GitHub users and communities from cyber threats.
In 2022, the GitHub bug bounty program reached new heights. Here are some key numbers:
- 364 vulnerabilities were found and the company paid out $1,576,364, increasing the total amount of payments since 2016 to $3,839,287.
- 2,042 reports on potential vulnerabilities were received, with 52% of them confirmed as genuine.
- In June 2022, a joint event with HackerOne was held to search for vulnerabilities in GitHub’s code. The event took place in Austin and involved 45 hackers from 19 countries.
- A new merchandise store was launched where program participants can receive branded items as bonuses for their reports.
- The number of program participants increased by 21%, with a 58% increase in reports from beginners.
One notable innovation in the program was the partial disclosure of information about vulnerabilities that received CVE (Common Vulnerabilities and Exposures) identifiers. GitHub now publishes some details about vulnerabilities found in GitHub Enterprise Server (GHES), GitHub’s edition for corporate customers, as well as in open source projects. GitHub plans to disclose more reports through the HackerOne platform in the future.
GitHub representatives have called on experienced developers to actively participate in the Security Bug Bounty program. They also announced that the program will celebrate its 10th anniversary next year, with special events and conferences already being prepared.