SOURCE CODE HOSTING WEBSITE Github has launched a bug bounty programme that will pay security researchers between $100 and $5,000 for every vulnerability they report.
The programme, Github said, aims to "better engage with security researchers" who find flaws in its hosting platform.
"The idea is simple: hackers and security researchers find and report vulnerabilities through our responsible disclosure process," the outfit said in a blog post. "Then, to recognize the significant effort that these researchers often put forth when hunting down bugs, we reward them with some cold hard cash."
Hackers who successfully disclose a vulnerability collect their bounty through Paypal and earn points on the programme's leaderboard. Rewards are scaled to the severity of the bug and to the share of Github users it could affect.
For example, a reflected XSS vulnerability that can only be triggered in Opera, which accounts for less than two percent of Github's traffic, is rated less severe and earns a smaller reward.
"But a persistent XSS that works in Chrome, which accounts for more than 60 percent of our traffic, will earn a much larger reward," the outfit added.
The bug bounty program is now open for a subset of Github services covering the Github API, Github Gist, and Github.com websites, but Github is planning to expand the scope at a later date as it "warms things up".
Last year Microsoft offered $100,000 rewards to security researchers who could bypass the exploit mitigations in Windows 8.1 as part of its own bug bounty programme.
The Redmond firm's "Mitigation Bypass Bounty" paid $100,000 to anyone who provided Microsoft with "truly novel exploitation techniques" against the security protections built into the latest version of its operating system at the time, which was Windows 8.1 Preview.