Connect with us

Hi, what are you looking for?


Management & Strategy

GitHub Paid Out $1.5 Million in Bug Bounties in 2022

GitHub says it paid out more than $1.5 million in bug bounties for 364 vulnerabilities in 2022, reaching a total of nearly $4 million since 2016.

Microsoft-owned code hosting platform GitHub on Tuesday announced that it paid out more than $1.57 million in rewards through its bug bounty program between February 2022 and February 2023.

As part of the program, which has been running on the HackerOne platform since 2016, GitHub handed out a total of over $3.8 million in bug bounty rewards.

Last year, the code hosting platform received more than 2,000 vulnerability reports and awarded bounties for 364 security defects. The highest number of submissions was registered in June 2022, during its H1-512 live hacking event in Austin.

A total of 45 in-person and remote researchers participated in the hacking event. Roughly half of the 182 received submissions were validated and GitHub handed out close to $700,000 in bug bounties.

“H1-512 was a fantastic opportunity for our team to experience the excitement and passion of our hackers in person. This event enabled us to break down the barriers of the screen and to make meaningful connections,” GitHub says.

The platform started a limited disclosure of reports for vulnerabilities in GitHub Enterprise Server (GHES) and open source projects that receive a CVE identifier, and plans to disclose more reports via HackerOne.

Additionally, GitHub continues to find new ways to expand its rewards for the reporting researchers, and says it will complement eligible submissions with non-monetary rewards to attract more white hat hackers to its bug bounty program.

Advertisement. Scroll to continue reading.

“We encourage researchers of all levels to submit reports to our bug bounty program. Your submissions are greatly valued and impactful to ensuring the safety and security of our products, our users, and the community,” GitHub notes.

Related: GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees

Related: GitHub Secret-Blocking Feature Now Generally Available

Related: GitHub Announces New Security Improvements

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.