GitHub Paid $166,000 in Bug Bounties in 2017

IT Security News | Source: feedproxy.google.com

Git repository hosting service GitHub paid a total of $166,495 in rewards in 2017 to security researchers reporting vulnerabilities as part of its four year old bug bounty program.

Total payouts more than doubled compared to the $81,700 paid in 2016 and came close to the $177,000 paid out over the program's first three years combined. During the program's first two years, the company paid $95,300 in bug bounties.

Throughout the year, the company received a total of 840 submissions to the program but resolved and rewarded only 121 of them (15%). In 2016, GitHub rewarded 73 of the 795 valid reports it received, and only 48 submissions were deemed significant enough to be listed on the bug bounty program's page.

The rise in valid reports drove the increase in total payouts and also prompted GitHub to re-evaluate its payout structure in October 2017. Bounties were doubled, with the minimum and maximum payouts now set at $555 and $20,000.

2017 proved the program's biggest year yet, with researcher participation, program initiatives, and the rewards paid out all continuing to grow, GitHub's Greg Ose points out.


Last year, the company also added GitHub Enterprise to the bug bounty program, allowing researchers to look for vulnerabilities in functionality that is not exposed on GitHub.com or that is specific to enterprise deployments.

“In the beginning of 2017, a number of reports impacting our enterprise authentication methods prompted us to not only focus on this internally, but also identify how we could engage researchers to focus on this functionality,” Ose notes.

He also says GitHub has launched its first researcher grant, an initiative the company has long been working toward. Under this scheme, GitHub pays “a fixed amount to a researcher to dig into a specific feature or area of the application.” Any vulnerability discovered during the engagement is rewarded through the Bug Bounty program on top of the grant.

Last year, GitHub also rolled out private bug bounties, in which selected researchers examine features before they are publicly launched, limiting the impact of vulnerabilities that would otherwise reach production. The company also made internal improvements to the program so that submissions can be triaged and remediated more efficiently, and plans to keep refining the process in 2018.

GitHub is looking to expand the initiatives that proved successful in 2017, launching more private bounties and research grants to focus attention on specific features both before and after they publicly launch. The company also plans additional promotions later this year.

“Given the program’s success, we’re also looking to see how we can expand its scope to help secure our production services and protect GitHub’s ecosystem. We’re excited for what’s next and look forward to triaging and fixing your submissions this year,” Ose concludes.

Related: GitHub Warns Developers When Using Vulnerable Libraries

Related: Hackers Earn Big Bounties for GitHub Enterprise Flaws

    SOCKS Proxy List by Tisocks.net If you Need Socks5 , Please visit service and add fund via PM , BTC WMZ , WEX . Thanks all!! Add fund : https://tisocks.net/addfund Check socks5 Online here : https://checksocks5.com LIVE | 162.211.181.119:8801 | 0.285 | SOCKS5 | California