bug bounty

Some changes after

Let’s take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program.

GitHub received a bug bounty report of a vulnerability that allowed access to the environment variables of a production container. We have patched GitHub.com and rotated all affected credentials. If you have hardcoded or cached a public key owned by GitHub, read on to ensure your systems continue working with the new keys.

We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!

For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!

It was another record year for our Security Bug Bounty program! We’re excited to highlight some achievements we’ve made together with the bounty community in 2022!

GitHub’s VIP Bug Bounty Program has been updated to include a clear and accessible criteria for receiving an invitation to the program and more. Learn more about the program and how you can become a Hacktocat, and join our community of researchers who are contributing to GitHub’s security with fun perks and access to staff and beta features!

We’re excited to share the newest addition to our GitHub Bug Bounty Program!

As we wrap up Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the security researchers who participates in the GitHub Security Bug Bounty Program.

It was another record year for our Security Bug Bounty program. We’re excited to highlight some achievements we’ve made together with the bounty community from 2021!

We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program: @yvvdwf

GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.

GitHub’s bug bounty program is now a mature component of how we improve product security. We’re excited to highlight some achievements (and interesting vulnerabilities)!

Learn more about the Bug Bounty program, including a recap of 2019’s bugs, our expanded scope, new features, and more.

Read about some big changes for the coming year: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.