Security News > 2021 > June > GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016
Microsoft-owned software development solutions provider GitHub announced on Friday that it has paid out more than $1.5 million through its bug bounty program since 2016, when it started using the HackerOne bug bounty platform.
According to the company, in 2020, it paid out over half a million dollars for more than 200 vulnerabilities affecting its products and services.
GitHub said it received more than 1,000 submissions through its public and private bug bounty programs, and claimed that its response times improved by 4 hours compared to 2019 - the average in 2020 was 13 hours to the first response.
GitHub has also shared some information on the private bug bounty programs conducted last year, and described one of the most interesting vulnerability reports it received in 2020.
"2021 has seen significant investment and growth across GitHub's security program. In June, we created a new internal team dedicated to the execution and growth of our bug bounty program," said Greg Ose, director of product security engineering at GitHub.
GitHub recently announced that it has updated its policies on vulnerability research, malware and exploits, pointing out that it welcomes and encourages dual-use security research.