Published on: November 18, 2019

We are increasing bounties in our bug bounty program

We're now offering higher bounties for critical and high severity reports.


Since we opened our bug bounty program to the public in December 2018, our community of external security researchers submitted 1,282 reports and we paid out $515,899 in bounties.

This past September we told you we were iterating on how and when we pay out bounties. At that point we changed to a model where we pay out a part of the bounty right at the moment when a report is triaged. Now we're making more changes.

New! Increased bounties for critical and high severity reports

What’s better than money in your pocket faster? MORE money in your pocket faster.

Effective November 18, 2019, we are increasing the amount of bounty awards for new reports for critical and high vulnerabilities!

| Critical (9.0 - 10.0) | High (7.0 - 8.9) | Medium (4.0 - 6.9) | Low (0.1 - 3.9) |
| --- | --- | --- | --- |
| $20,000 | $10,000 | $3,000 | $1,000 |

What isn’t changing:

• Program scope
• Severity criteria
• Rules of engagement
• Our SLAs for response, time to triage and time to bounty

The skills, depth of expertise and contributions of our security researcher community are strengthening the security of our product and our company in a very real way and we are excited to be able to recognize this with higher bounties. Thank you for your continued contributions and we look forward to your next report!

P.S. There’s still a little time left to participate in our bug bounty contest running October 1 through November 30. Report a bug and be entered to win a sweet piece of GitLab swag!

Photo by Banter Snaps on Unsplash
