GitHub's Security Bug Bounty program, launched in 2014, has evolved significantly, with 2018 marking a record $250,000 paid to researchers, thanks to initiatives such as researcher grants and private bug bounty programs. The program has continuously improved its processes, reducing the average time to triage and resolve vulnerabilities significantly. Notable highlights from 2018 include a GraphQL and API authorization researcher grant and participation in HackerOne's H1-702 live-hacking event, which led to numerous vulnerabilities being addressed. For 2019, GitHub announced major updates, including enhanced legal protection for researchers, an expanded scope to include more of its properties, and increased reward amounts for higher-severity vulnerabilities, emphasizing its commitment to security and collaboration with independent researchers.