GitHub says that 2020 was the “busiest year yet” in vulnerability disclosure.
Over half a million dollars has been issued as rewards for researchers participating in GitHub’s bug bounty program over the past year, bringing total payouts to over $1.5 million. The Microsoft-owned vendor has operated the GitHub Security Bug Bounty Program for seven years. Bug bounty programs are now a common way for vendors to elicit help from third-party researchers in securing products and services. Years past, it was sometimes difficult to privately disclose bugs and many companies did not have a dedicated contact or portal for vulnerability reports — but now, both credit and financial rewards are often on offer. The vendor says that 2020 “was the busiest year yet” for GitHub’s program. “From February 2020 to February 2021, we handled a higher volume of submissions than any previous year,” GitHub says.
