The website announces that its rewards program is open to the participation of the general public
The GitLab developing team reports that its bug bounty program has been kept active throughout the 2018, paying about $200k USD and helping to solve about 200 vulnerabilities. According to experts in digital forensics from the International Institute of Cyber Security, this program is available to any professional in the cybersecurity industry who wants to submit a report to GitLab.
“Managing a reward program open to the general public we will be able to continue the joint work with the ethical hacking community and keep discovering security vulnerabilities thanks to this program”, Kathy Wong, director of security at GitLab mentioned.
The organization announced rewards of up to $12k USD for critical vulnerability reports through its HackerOne page. GitLab is also committed to responding to reports received “within 5 business days or less,” its digital forensics team reported.
It was the year 2014 when GitLab launched its vulnerability bounty program for the first time. Although no rewards were offered at that time for the reports they received, the company would end up making payments for reports a time later, by launching its program in 2017.
With regard to the decision to publicly disclose reports received by GitLab, Kathy Wong mentioned that this decision was made “in contribution to open source development”. “We currently make public the details of security vulnerabilities 30 days after the release of mitigations, while some companies take even months to reveal something,” the executive mentioned.
In addition, the GitLab digital forensics team announced that they will be eliminating support for the TLS 1.0 and 1.1 protocols before the end of the year, and also remind hackers dedicated to the search for vulnerabilities that can receive “an exclusive HackerOne bounty and reasonable compensation in exchange for bug reports”.
Recently GitLab was news because of its decision to move its main site to Google Cloud after GitHub, its main rival, was acquired by Microsoft.