GitHub, the code repository to the stars (and everyone else), is aware that it has vulnerabilities in its massive codebase. This is bad news for GitHub’s millions of users, but not to fear — the company is putting its best hackers on the job.
In a new bug bounty program, GitHub is specifically reaching out to white/gray-hat hackers in the security community to find all the nooks and crannies where bad guys might sneak into its codebase.
Said hackers find the vulnerabilities, they collect the bounty (both cash via PayPal and “points” for the leaderboard — sorry, no flipping Bitcoins), and everybody wins.
Right now, GitHub is seeking “researchers” to poke holes in the GitHub API, Gist (GitHub’s code snippet service), and GitHub.com. Bounty hunters can expect rewards ranging from $100 to $5,000, and people ages 13 and up from around the world (except trade-embargoed/governmentally sanctioned countries such as Cuba and the Sudan) are encouraged to participate.
Wouldn’t that be a fun line item on a teenage resume?
Cash rewards will be made at GitHub’s discretion for open bounties and perhaps for vulnerability reports on GitHub’s other apps, which range across a multitude of platforms.
The rules of the program pretty much follow the “don’t be a d**k” line of thinking: Don’t publicly expose a bug that hasn’t been fixed yet; don’t hack into someone else’s account or compromise other users’ data; don’t mess with scanners, DDoS attacks, or non-technical attacks.
The company will be opening up more bounties as time goes by. Happy hacking!