Git money, git paid: GitHub waves larger wads of dollar bills to tempt bug hunters

Social code storage biz GitHub, now a ward of Microsoft, on Tuesday divulged plans to make itself more attractive to hackers by flashing larger sums of cash and offering better indemnity. The company's five-year-old Security Bug Bounty program is being refurbished with ampler awards and broader terms of engagement. Part of the …

  1. overunder

    I'll never understand this the same way Google got people to geomap for free. Which way should I be looking at these extremely low bug bounties? I see them now as better than nothing or it's all you're worth. It would be different if you weren't contributing directly to a billion dollar corp. but to GNU or something. Why not sell or license them the fix?

  2. Robert Carnegie Silver badge

    But

    Does anyone else see a problem with regularly increasing the reward for finding a bug in the system? If I find one now, but I don't tell them until next year, then I get more money that way.

    I hesitated to mention that - but if you're smart enough to find the bugs, then you're smart enough to think of it without my help.

    1. DavCrav Silver badge

      Re: But

      "If I find one now, but I don't tell them until next year, then I get more money that way."

      Or someone else finds it and claims the money.

      "I hesitated to mention that - but if you're smart enough to find the bugs, then you're smart enough to think of it without my help."

      If you're smart enough to find the bugs, then you're smart enough to see the problem I mentioned above.

      1. Robert Carnegie Silver badge

        Re: But

        Sure, but there are bugs that nobody found for twenty years. You'd probably be safe waiting another year.


Biting the hand that feeds IT © 1998–2019