
GitLab unveils bug bounty programme with up to $12000 for critical bugs - General Hangout & Discussions - InviteHawk - Your Only Source for Free Torrent Invites



CODE REPOSITORY GitLab has opened its bug bashing programme to anyone - and there's some pretty tasty offers for participants.

Critical bugs, which GitLab defines as affecting over half of its customers, could be in line for a cool $12,000 for finding vulnerabilities. High impact bugs score $7500, mediums get $3000, and even if you find a bug that doesn't actually affect anyone, it could still be worth a grand.

The deals aren't quite as good as rival GitHub. Their top whack is $20000 and there's also a league table of contributors.

Though smaller than GitHub, GitLab is doing nicely thank you very much, bolstered by Microsoft's purchase of its rival, which ground gears for some developers whose open source dogma has been whacked out of joint. Mixed metaphors anyone?

GitLab's Kathy Wang explains that whilst some select partners have been getting payouts for a while, from now on, anyone can be a bug-zapper:

"We have awarded over $200,000 in bounties since the bug bounty program went live last year. This means we mitigated nearly 200 vulnerabilities reported to us."

She goes on to explain that the Mean Time to Mitigation (MTTR), in other words the time it takes for the bugs to be patched, has dropped to below 30 days for critical issues, rising to 60 days for those ranked as medium, adding: "In managing a public bug bounty program, we will now be able to reward our hacker community for reporting security vulnerabilities to us directly through the program."

The first response also has a service level agreement, with 5 business days being the aim to acknowledge critical problems, with 10 business days covering lesser issues.

There are also penalties for anyone who abuses the system with false reports, sends data to 3rd parties, spams or 'typosquats'.

GitLab, which recently received a funding boost from merchant bank Goldman Sachs, has partnered with HackerOne to manage its bug bounties and there's already a dedicated page for them that wants. μ
