GitHub will start paying some bug bounty hunters in swag instead of cash
According to The New Stack, GitHub is altering its bug bounty program to pay some researchers in swag—branded merchandise—rather than cash. The change applies to certain categories of reports, though details on which vulnerabilities qualify for non-monetary rewards remain unclear. Bug bounties have long been a cornerstone of cybersecurity, providing structured incentives for independent researchers to disclose flaws. GitHub's move could discourage participation from top-tier researchers who rely on cash payouts, potentially leading to fewer or lower-quality submissions. The article notes that this decision comes amid broader industry debates about fair compensation in security research. No specific dates or monetary thresholds were provided, but the policy shift is effective immediately for new submissions. GitHub has not publicly detailed the rationale, but the change may reflect cost-cutting measures or a desire to prioritize certain vulnerability types.
Developers relying on GitHub may face increased security risks if fewer researchers participate in bug bounties.