The GitHub Bug Bounty Story

Learn how hacker-powered security illuminated their security blind spots.

GitHub has helped more than 20 million people work together to build more than 55 million projects. Lucky for their customers, they've taken a hacker-powered approach to keeping those projects safe and secure.

GitHub had been using all the typical approaches to identifying vulnerabilities, but in 2014, they launched a bug bounty program to get more eyes looking for vulnerabilities. Now they're uncovering—and fixing—vulnerabilities in ways and places they couldn't possibly cover with their internal teams. Download this case study to learn how GitHub is using hacker-powered security as a permanent part of their security program. Their story covers:

  • How a skillset-rich community of hackers helps spot vulnerabilities across both new and old code.
  • How GitHub automated more than 75% of their bug triage process by leveraging HackerOne's platform.
  • Why GitHub's security lead referred to their bounty program's ROI as "phenomenal!"
  • GitHub's tips for starting your own bounty program.

Thanks for your interest.

Download Now