Slashdot Mirror


GitHub Launches Bug Bounty Program, Offers Between $100 and $5,000

An anonymous reader writes "GitHub today launched the GitHub Bug Bounty program 'to better engage with security researchers.' In short, the company will pay between $100 and $5,000 for each security vulnerability discovered and responsibly disclosed by hackers. The program currently covers the GitHub API, GitHub Gist, and GitHub.com. GitHub says its other Web properties and applications are not part of the program, but it says vulnerabilities found 'may receive a cash reward at our discretion.'"

7 of 14 comments

  1. Re:Profit by Anonymous Coward · · Score: 1, Interesting

    In the GitHub system, not GitHub user code, numbnuts.

    But seriously, this whole gameification of work is getting pathetic. Everyone's a freelance mercenary fighting for scraps, and kids brought up on a battery of constant useless testing lap it up. No benefits and no job security.

  2. a WHOLE 100$ by Anonymous Coward · · Score: 1

    Isn't the bounty range a little low?

    1. Re:a WHOLE 100$ by kthreadd · · Score: 1

      No. Not really. That's just the lower bound.

  3. GitHub is non-free by Anonymous Coward · · Score: 1

    GitHub does not make the source code to its software available under a free software license and includes non-free JavaScript. The service will also recommend non-free programs, which is unethical. You should therefore not use the service, nor should you assist in improving it.

    1. Re:GitHub is non-free by Ibiwan · · Score: 2

      Go home, RMS; you're drunk!

      --
      -- //no comment
    2. Re:GitHub is non-free by yakatz · · Score: 1

      GitHub is one of the best designed Project-Hosting-as-a-Service websites that exist. They pay for hosting an untold number of free open-source repositories by selling their services to teams and companies. You can even buy a GitHub appliance that you host in your own network to make sure your code never leaves.

      If you want to use one of the "free as in speech" Git platforms, by all means, just do. But if you want a GUI, bug tracker, wiki, web hosting, etc. that cost a significant amount of money to develop - yet whose use is given away for free, use GitHub.

  4. voluntary, permanent ignorance by raymorris · · Score: 2

    That is true only if you start from the premise that the vast majority of people are stupid. In this case, that the vast majority of programmers / testers are stupid.

    Employment 40 hours per week is already an option for any programmer or tester who would participate.
    They look at it and guesstimate "running Nessus overnight will take 10 minutes of my time. If there are promising hits, following up on the most likely will take ... ".

    One of three things must be true before a programmer participates:

    A) These programmers (math types) see that it's worth taking a quick look, that it's a good value for their time.

    B) They ENJOY finding errors, like solving a puzzle. It's a HOBBY.

    C) 98% of programmers are morons who don't know it's a waste of their time. YOU, however, have it all figured out. You're so much smarter than all of those programmers all over the world.

    I happen to know that B is true. I greatly enjoyed figuring out a bug I could use to take down Wikipedia.

    Your absolute arrogance, your total belief that you and only you have any wisdom or intelligence, blinds you to all of the actual wisdom in the world. When you think you're smarter than everyone else, you learn nothing. You remain in everlasting ignorance; self-inflicted, permanent ignorance.