GitHub says that 2020 was the “busiest year yet” in vulnerability disclosure.
Over half a million dollars has been issued as rewards for researchers participating in GitHub’s bug bounty program over the past year, bringing total payouts to over $1.5 million. The Microsoft-owned vendor has operated the GitHub Security Bug Bounty Program for seven years. Bug bounty programs are now a common way for vendors to elicit help from third-party researchers in securing products and services. Years past, it was sometimes difficult to privately disclose bugs and many companies did not have a dedicated contact or portal for vulnerability reports — but now, both credit and financial rewards are often on offer. The vendor says that 2020 « was the busiest year yet » for GitHub’s program. « From February 2020 to February 2021, we handled a higher volume of submissions than any previous year, » GitHub says.
