GitHub raises bug bounty prize


GitHub is making things easier for researchers looking for bugs on its code-hosting site by removing the cap on its bug bounty program's top payout and offering new legal protections for white hat hackers.

After five years, the Microsoft-owned company has decided to revamp its bug bounty program by providing higher rewards for serious bugs and opening up more of its products to bug hunters.

GitHub has removed the limit on the maximum amount it will pay researchers for discovering critical bugs and they can now expect to be rewarded between $20,000 and $30,000 for each critical bug.

The company's bug bounty rewards have also been raised at lower levels: high-severity bugs will earn researchers between $10,000 and $20,000, medium-severity bugs between $4,000 and $10,000, and low-severity bugs between $617 and $2,000.

GitHub is also removing some of the legal risks researchers participating in its bug bounty program have been exposed to for violating the site's terms. The company has added a new set of Legal Safe Harbor terms to its site policy.

Researchers will now be protected from violating the terms of the company's site if their actions are carried out specifically for bug bounty research. They will also now be exempt from GitHub's Enterprise Agreement restrictions on reverse engineering and the company vows not to sue them should they overstep the scope of the bug bounty program.

Additionally, all of GitHub's first-party services, including GitHub Education, GitHub Learning Lab, GitHub Jobs and the GitHub Desktop application, will be open to researchers searching for bugs.

The company's Phil Turnbull explained why it decided to raise its bug bounty rewards in a blog post, saying:

“We regularly assess our reward amounts against our industry peers. We also recognize that finding higher-severity vulnerabilities in GitHub’s products is becoming increasingly difficult for researchers and they should be rewarded for their efforts. That’s why we’ve increased our reward amounts at all levels.”

Via ZDNet

Anthony Spadafora
