"GitHub Paid Out Over $4 Million via Bug Bounty Program"

GitHub has recently announced that it has paid out more than $4 million through its bug bounty program, which the company launched ten years ago. In 2023, bug bounty payouts exceeded $850,000. GitHub noted that its annual bug bounty payout has exceeded $800,000 every year since 2021. The largest single reward in 2023 was $75,000, for a vulnerability that allowed access to the environment variables of a production container. In addition to rewarding regular vulnerability reports, the company also ran several private bounty engagements last year with members of its VIP program. GitHub announced that in the coming year it is looking to improve its processes around payout on validation, work towards the next phase of public disclosures, continue to bring more consistency to private bounties for its community, and offer exclusive training and opportunities for its VIP community.
SecurityWeek reports: "GitHub Paid Out Over $4 Million via Bug Bounty Program"

Submitted by Adam Ekwall on