
Bug Bounty third anniversary wrap-up

Blog post from GitHub

Author: Neil Matatall
Summary

In celebration of the third anniversary of its Bug Bounty Program, GitHub launched a promotional bounty period in early 2016, expanding the program's scope to include GitHub Enterprise, which led to the discovery of several critical security vulnerabilities. The first prize went to a report on a SAML authentication bypass, while other prizes were awarded for remote code execution and server-side request forgery vulnerabilities. Despite a decrease in overall reports compared to previous years, there was an increase in session handling bugs and sensitive data exposure incidents, reflecting evolving security challenges. Transitioning to the HackerOne platform in April 2016 improved the program's efficiency, with GitHub maintaining a quick average response time of 16 hours and resolution time of 28 days. The program not only rewards researchers but also supports charitable donations, with bounties being matched by GitHub and donated to organizations like Doctors Without Borders and the Electronic Frontier Foundation. The company also sponsored events to encourage participation from underrepresented groups, demonstrating an ongoing commitment to community engagement and improving security practices.