After long time i am back with Good News and its for the Bug Bounty hunters! There are many companies out there who pays bounty to the researcher for finding the security vulnerability in their website like Google, Facebook etc.
From now the GitHub will offer the bounty to the security researcher who reports the security vulnerability and as they said they will reply to the security researcher as soon as possible.
The amount of the bounty is not fixed but it will be determined by the GitHub team based on the Risk and potential impact to their users.
Like if you have found the reflected XSS and which works only in one browser like opera then the bounty amount will be less because the number of the users of the opera browser are less! And if you have found the same vulnerability which works only on the Chrome then the amount of the bounty will be high and if you have found the XSS works everywhere then the amount of the Bounty will be highest.
Those who are under 18 (13-18) year old can also participate in this Bug Bounty Program and for the bounty they need to submit a guardian consent form to get the bounty amount.
You can report the vulnerability to the GitHub from here.
The GitHub Bug bounty program currently covers GitHub.com, GitHub API and GitHub Gist and the other products of the GitHub is not a part of this bug bounty program!