GitHub Offers Cash for Finding Security Holes
Security vulnerabilities can put a startup in harm's way, but GitHub, the software-development network, may have found a creative way to stave them off.
According to an email provided to Inc., GitHub just launched a clever program called the GitHub Bug Bounty to compensate hackers and researchers for finding and reporting holes in its network. The company is offering rewards from $100 up to as much as $5,000.
Not just any bug qualifies for the Bug Bounty, which also functions as a contest in which vulnerabilities are assigned a point value depending on factors such as their impact on the network and whether a user provides "an awesome write-up." The company's website has a leaderboard of the top bounty hunters, so you can track their contributions in real time.
There is also a set of rules hunters must follow, which range from the obvious--not attacking the company--to more nuanced parameters such as not reporting problems with insecure cookies or other information that poses only an insignificant risk. To submit a vulnerability, GitHub customers must provide their contact information, GitHub username, and a description of the vulnerability.
With security breaches making headlines these days, it's heartening to see GitHub, which is valued at $750 million, take a stand and get some of the very people who depend on its network to pitch in and fix it. Perhaps Target should have thought of that before its data breach over the holidays.
JILL KRASNY | Staff Writer
Jill Krasny is a staff writer for Inc. magazine, where she covers the intersection of entertainment and startups. Prior to Inc., she was a writer for MTV and Esquire and an editor at TheStreet. She is a graduate of the University of Southern California with a degree in communication. She lives in New York City.