GitHub Offers Cash for Finding Security Holes
By Jill Krasny
The software startup has launched a "Bug Bounty" program, enlisting its users to put a stop to vulnerabilities in its network.
Security vulnerabilities can put a startup in harm's way, but GitHub, the software-development network, may have found a creative way to stave them off.
According to an email provided to Inc., GitHub just launched a clever program called the GitHub Bug Bounty to compensate hackers and researchers for finding and reporting holes in its network. The company is offering rewards from $100 up to as much as $5,000.
Not just any bug qualifies for the Bug Bounty, which also functions as a contest in which vulnerabilities are assigned a point value depending on factors such as their impact on the network and whether a user provides "an awesome write-up." The company's website has a leaderboard of the top bounty hunters, so you can track their contributions in real time.
There is also a set of rules hunters must follow, ranging from the obvious (not attacking the company) to more nuanced parameters, such as not reporting problems with insecure cookies or other findings that pose only an insignificant risk. To submit a vulnerability, GitHub customers must provide their contact information, their GitHub username, and a description of the vulnerability.
With security breaches making headlines these days, it's heartening to see GitHub, which is valued at $750 million, take a stand and get some of the very people who depend on its network to pitch in and fix it. Perhaps Target should have thought of that before its data breach over the holidays.