This week, GitHub announced that it had paid hackers over $1 million in bug bounties across all of its programs in 2020 alone. The security bug program was launched in 2016 but has been accepting vulnerability reports since February of 2014. In 2019, the Microsoft owned company paid almost $600,000 in bounty rewards, stating that it was able to maintain an average response time of 17 hours despite a massive increase in submissions.
In 2019, GitHub released new features such as functionality to keep engineers informed of new pull requests and an improved vulnerability tracking feature among others. The platform stated that some of the vulnerabilities received so far in 2020 were highly valuable for the development cycle, resulting in the company rewarding more than $20,000 in bounties for security bugs in these products.