
GitHub enlists its hacker army to hunt down security nightmares in new bounty program

Image Credit: GitHub

GitHub, the code repository to the stars (and everyone else), is aware that it has vulnerabilities in its massive codebase. This is bad news for GitHub’s millions of users, but not to fear — the company is putting its best hackers on the job.

In a new bug bounty program, GitHub is specifically reaching out to white/gray-hat hackers in the security community to find all the nooks and crannies where bad guys might sneak into its codebase.


Said hackers find the vulnerabilities, collect the bounty (both cash via PayPal and “points” for the leaderboard — sorry, no flipping Bitcoins), and everybody wins.

Right now, GitHub is seeking “researchers” to poke holes in the GitHub API, Gist (GitHub’s code snippet service), and GitHub.com. Bounty hunters can expect rewards ranging from $100 to $5,000, and people ages 13 and up from around the world (except trade-embargoed/governmentally sanctioned countries such as Cuba and the Sudan) are encouraged to participate.


Wouldn’t that be a fun line item on a teenage resume?

Cash rewards will be made at GitHub’s discretion for open bounties and perhaps for vulnerability reports on GitHub’s other apps, which range across a multitude of platforms.

The rules of the program pretty much follow the “don’t be a d**k” line of thinking: Don’t publicly expose a bug that hasn’t been fixed yet; don’t hack into someone else’s account or compromise other users’ data; don’t mess with scanners, DDoS attacks, or non-technical attacks.

The company will be opening up more bounties as time goes by. Happy hacking!
