GitLab Celebrates $1 Million In Paid Bounties


GitLab has officially awarded more than $1 million in bug bounties to hackers on HackerOne for reporting valid vulnerabilities in the past year.

The milestone comes hot on the heels of the GitLab security team completing one year of its public bug bounty program in December 2019. The vulnerability disclosure program (VDP) was first launched in 2014 and soon moved to a private, paid bounty program.

With the help of HackerOne, GitLab built and launched its public bug bounty program in December 2018.

GitLab said its appsec team has worked with 768 different researchers since its VDP launched in 2014, including several of HackerOne's all-time leading reporters. It has also resolved 479 reports and made 400 of those reports public. GitLab said its 227 repeat reporters suggest that their first engagement was a positive one.