GitHub is offering unlimited rewards for critical vulnerabilities and has added safe harbor terms to its bug bounty program. The web-based hosting service said it paid out a grand total of $165,000 to researchers who found vulnerabilities in its products in 2018. GitHub said that it has increased rewards so that critical bugs now earn researchers between $20,000 and $30,000. There is no cap on these types of bugs, so the company could reward significantly more for truly cutting-edge research
Source: https://threatpost.com/github-scope-rewards-bug-bounty/142024/