The Inquirer-Home

Github bug bounty programme offers up to $5,000 in rewards for hackers

Cash for spotting security vulnerabilities
Fri Jan 31 2014, 14:46

SOURCE CODE HOSTING WEBSITE Github has launched a bug bounty programme that will pay security researchers between $100 and $5,000 for every vulnerability they report.

The open source software library initiative aims to "better engage with security researchers".

"The idea is simple: hackers and security researchers find and report vulnerabilities through our responsible disclosure process," the outfit said in a blog post. "Then, to recognize the significant effort that these researchers often put forth when hunting down bugs, we reward them with some cold hard cash."

Hackers who successfully disclose the vulnerabilities they find will collect their bounties through Paypal while also adding points to the leaderboard, and everybody wins.

For example, if a researcher finds a reflected XSS vulnerability that is only possible in Opera, which accounts for less than two percent of Github's traffic, then the severity and reward will be lower.

"But a persistent XSS that works in Chrome, which accounts for more than 60 percent of our traffic, will earn a much larger reward," the outfit added.

The bug bounty program is now open for a subset of Github services covering the Github API, Github Gist, and Github.com websites, but Github is planning to expand the scope at a later date as it "warms things up".

Last year Microsoft offered a reward of $100,000 for the first security researcher to crack Windows 8.1 as part of a bug bounty programme.

The Redmond firm's "Mitigation Bypass Bounty" paid $100,000 to anyone who provided Microsoft with "truly novel exploitation techniques" against security protections built into the latest version of its operating system at the time, which was Windows 8.1 Preview. µ
