2021: Smashing bugs and dropping names

Blog post from GitLab

Post Details
Company:
Date Published:
Author: Heather Simpson
Word Count: 1,071
Company Posts That Month: 18
Language: English
Hacker News Points: -
Summary

In 2021, GitLab's Application Security team implemented several changes to enhance its bug bounty program, including transitioning to a managed program on HackerOne, which improved their capacity to address vulnerabilities by focusing on fixes and defense-in-depth improvements. The team awarded a total of $280,000 in bounties for 752 reports from 405 security researchers, reflecting a commitment to competitive rewards and recognition for contributors. GitLab also focused on transparency by detailing their Bug Bounty Council process and utilizing a CVSS calculator for consistent vulnerability scoring. The organization shared insights and tips for effective bug hunting through video content and AMA sessions with top hackers, aiming to inspire and educate participants. Looking forward, GitLab plans to refine its security backlog, expand program scope, and continue improving processes while celebrating the achievements of notable contributors in their third annual bug bounty contest.
