GitHub has decided to expand rewards and increase the scope of its bug bounty program after paying out $250,000 in bug bounties in 2018.

GitHub revealed on Tuesday that last year it paid out $165,000 to researchers who participated in its public bug bounty program. Security researchers also earned significant sums through GitHub's private bug bounty programs, researcher grants, and a live hacking event. The hacking event took place in August in Las Vegas and resulted in the discovery of forty-three flaws, for which the company paid out about $75,000.

GitHub has announced some significant changes to its bug bounty program for 2019, including the addition of legal safe harbor terms intended to assure researchers who look for flaws in its systems that they will not face legal action.

The organization says researchers are protected from legal action even if they accidentally go beyond the scope of the bug bounty program, and they do not have to worry about violating terms of service and policies. For instance, the GitHub Enterprise license restrictions prohibit reverse engineering, but reverse engineering will still be permitted if it is related to finding flaws in in-scope services.

GitHub also announced that its bug bounty program currently covers GitHub Learning Lab, GitHub Education, the GitHub Desktop application, GitHub Jobs, and GitHub Enterprise Cloud.

“It’s not just about our user-facing systems. The security of our users’ data also depends on the security of our employees and our internal systems. That’s why we’re also including all first-party services under our employee-facing githubapp.com and github.net domains,” the company explained.

Lastly, GitHub says it has decided that there will no longer be a maximum reward limit for critical flaws; it has listed $30,000 as the top amount, but the company says this is merely a suggestion. High-severity issues can earn researchers up to $20,000, while medium-severity vulnerabilities can be worth as much as $10,000.
