Two years of bounties
Blog post from GitHub
GitHub's Security Bug Bounty program, launched two years ago, has been instrumental in finding and fixing security vulnerabilities: of 7,050 submissions received, 1,772 warranted further review. The program has paid 58 researchers a total of $95,300 for 102 medium- to high-risk vulnerabilities, spanning every OWASP Top 10 category. Notable discoveries include a browser vulnerability affecting GitHub cookies and an issue with RSA key generators that produced weak SSH keys. Researchers have also reported vulnerabilities in GitHub's desktop apps, including remote code execution. In 2015, more researchers chose to donate their bounties to charitable causes, and GitHub matched those donations to organizations such as the EFF and Médecins Sans Frontières. The program continues to encourage researchers to participate and help improve GitHub's security.