Security News > 2020 > March > GitHub Paid Out Over $1 Million in Bug Bounties
GitHub this week announced that it has paid out over $1 million in rewards to the security researchers participating in its bug bounty program on HackerOne.
The security bug bounty program was launched on the hacker-powered platform in 2016, but GitHub has been accepting vulnerability reports since February 2014.
Last year alone, the Microsoft-owned service paid almost $590,000 in total bounty rewards across its programs, and says it was able to maintain an average response time of 17 hours despite an increase in submissions of 40%. In 2019, GitHub released several new features that were added to its bug bounty program, such as functionality to keep engineers informed of new pull requests that need attention, an improved vulnerability tracking feature in automated security updates, GitHub for mobile, GitHub Actions, and Semmle's LGTM tool.
The event, GitHub says, was a success, and it paid over $155,000 to researchers in one night, with half of the rewards being handed out for high or critical severity issues.
For 2020, GitHub is committed to moving forward with the Security Lab bounty program, which aims to secure all open source software, and says it will be assigning CVEs to submissions that affect GitHub Enterprise Server.