The bounty submission form utilizes HTTPS to encrypt your submission in transit to the bug bounty team. We have confidence that this provides the confidentiality required for vulnerability submissions. However, if you want to send us a vulnerability using PGP we still want you to have this option.
Please realize that using PGP will likely slow down our response to your submission. Under normal circumstances, a developer can view security reports and respond immediately, i.e. get a patch going within minutes and even paging people out of bed if it’s critical. If you PGP encrypt your message, only core members of the security team can triage your submission. Please be aware that if we receive an encrypted submission, unless your submission has an significant impact outside of GitHub, we will likely not reply utilizing PGP.
Still, if you feel your vulnerability submission requires the use of PGP, then you can find our public key below.
pub 4096R/EBA314E6 2014-02-18
Key fingerprint = 495D 2EB6 CD8B F2C0 C308 E373 315C B025 EBA3 14E6
uid GitHub Bug Bounty (Non-Incident Notification) <bounty@github.com>
sub 4096R/3032A531 2014-02-18
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.15 (Darwin)
mQINBFMDm4EBEACeDbjVnx0h71xcwDdGcPtvblt2hF5oWL5AxWgx69/0UdZUtlmz
KgRLNQvv1Qz7V1bKedxY0w+2a0uW8b0tvMwMUBLrVwuqvDuQfCrtqRzMZOdrlZA2
SqtoKKfSSBLpZPyoGHwVrPGS53CFqdCVOoEyx2caUEuSwYraXCOpBCtmqUAfhrjC
sFodhyyYX8pwC8XUVu/1hqNhJAFLXs8/IL+PcejB2ErzwI8lQPwjUi3KB74N8/9s
mq57QWUB6+K+lDvn6oR1+dRhPy/BDUkVsZcSqyMQFoMYurAGG/+dBR94ef4jKqTE
HfVYWeIvZFvn9b0LU+I3OzghbVzdzkVo1cy2KNVrfv46mC0fQB7SHWR48C8hcxG6
KJXd3OJPaZH3gBS7RB8L40jn12D5bDpL7XSJrck/1UZGW7MPnbioXs2UHikVCRgX
y7ObTZhR/TayHMQotjc4++TFwORkPzrKGukzhirBVLm4h7lUakB9cesY8J1kCEKp
2aUov2FDqiDGxr2XP6SXIHNMN8OK4L2xaCVPZINSbrSSjVpm4gZbdx2RxFXb+vjz
HNunjmN3WvGQqBv3g7Quw70sqmipcHa+BtsrecmHN3M+b2CHEbj+2YluFD8DffrT
mkvv3jtnYtpYZExlf6NSZMxd+9tm4kwxeqj+0INHuIhn59gs50zE8tJs8QARAQAB
tEFHaXRIdWIgQnVnIEJvdW50eSAoTm9uLUluY2lkZW50IE5vdGlmaWNhdGlvbikg
PGJvdW50eUBnaXRodWIuY29tPokCNwQTAQIAIQIbAwIeAQIXgAUCUwOeEAULCQgH
AwUVCgkICwUWAgMBAAAKCRAxXLAl66MU5qmlD/9VPhxFpZtvTzm0QKN4PWDaowBJ
vneKRMU93R2Jp+1KUXEDCI13w//j6cERs+dDxPyYN7VEzzmScNEtqzag1g52+KlY
UEaYTkh45rYpjB78bNiCGEvQnWvMwEDeXu3R5zBBk3+ybun47TU6IwK7zdxExky/
uzRRxTxIr7HGRNEDZbkrYnwvvOruLYw5VkkLN/Vtmc9K8sdnK7NoyOxpqyRGzAJq
/1WDUw0ryPJU7LaxeoTy60WY0PvALEdT3LyBRwWTPeJVf0j0pFno4TyEVxAy0cgS
/DFRtoTgLNBgTbbxhwYz19iaNK70YyWS2LfFMsE8dnaRy2uFhQNzt80j07WmIjbS
72PPgV6v+nkq6PAr6JWWEbub8F667GcfrMST5lk2bPWFgtZ8HNtIwPYLL02nxQeH
MuQ72vI0GevxmkFZYLDiRnfbZs+uth67MMeqYy5RoXJ2/+9GplxLsCS4uWxN62we
Wcq2K7pAs6v2l0YMc1riElpNoDTUfAry4pKeci8xp55i7LeCjYO8OLfkvkxJQVDW
Mnjxcyu7FrqkAq60jKCRfTSV1KJucelYXfEX/1sJkARsZBFAUYbNJ9IMltctaMK6
xr4HCGMCHvlMJgckAOLMUmvvAOq10mkCtOltq4qO89TWULK09q4t6eqIH/1QhUmW
nIfYKvXJNBIku/HoT7kCDQRTA5uBARAAueumJ+OURGMFgFaF9fmrjnfJxEd6ioWe
HWREdilQZ7E7zj39od40v5A2j5XFs1BV17Yg6xCbM8UC8Vtd5jAxgVcdlySBtThx
tDFvlNIioTJPcinsSGSldDSrtBDT+8R9EEhNjdwQAqgQ29OBmdkiMKXPtb2mv4aT
DZzZQs9nvra/I1XwirlYbx/cuwbitswO/xad+MA94aGjp/9B/pdEBRNhduNpwhU6
wAH+MA57Q3HGJmayUjXltDB/Qc200tg8XVupJD1SOrZS+78WiSssI8H0UPHvh55j
RNaxyzevtAMrtD69iUzk04D5OQqKkkA2+TNPAx+CeOD7LGbziKNXx0WfuydTUXZM
RC7obONDXymxebsvw3bvDVTFe/h8TlPdJhWX2/ihOIUfD+bPLu4z/549BjvvCqBH
g2w9RlwcnExl9ULy28V3SYvbJQInZrZJQd6a/tSUPPI66xY1wF63eolnMPudYyqR
JAPp0/t8Ph7scCFGmjEz3kZQo6vWLal3nSBTjx8lT/XTRrAFASCcahcsvZX+iXi0
ea4o2qd43giYRDnSUlQrJSclLup47wURbIL+B3UsFjSdFu7JdHE0FIc0zNYQNceK
sLfRqM4gGZz6WMWnM7fUeEFeF34VEBXRdcyAAP1QhJLIavriMXiPliwG7DdJQWAk
W+ygvTcnROcAEQEAAYkCHwQYAQIACQUCUwObgQIbDAAKCRAxXLAl66MU5hMED/95
LfACjTOzA1b/jH+KzkVgaexa5bgsfuMSvq8qaSf1FWrmmnjUoMza68C2sDs8RpAv
bmoZYU9SQXdiWJbGCYaX+7ocm6zWDbnj1VIx3DpSHCPsmP/yKhX/U0d1SRF957Tf
8c7HkV28IIfHaY9LiYArT4XiVuu3hpQEC7OKkjhbtsr1ZJNFUUsZh1YkOKfmOErV
0RTwcYv1FJacD6ueQS9Xx2zvNLcZpuPIBb8HEIXalsWNnf7Wt6voCwqIG/JDtob4
X6wWTpTgKUyzW7AHK7QFkadshrX7j7GSL5n4sOusSfS45IdvWQJPuDdqI04PlIg3
Q2yrFh3EkDcdvdMnoXYp13HGmY5BA/33xTSnzkJpvb8uf+6qwjErl7YzGnMMei43
T3uLNdWxOIE1SgzrJEfFqyHkXtOedRJorRbACtYscWC6/82K3gUtenUGUNKF5IZI
hA3cWTNhIYZCtydpP+P74fkYm1xUUmsB9cnqvvaM6UKD3kFJzv/6MDrjXYXhaHtx
13uMAyU3vfBTYcpKZHNJbt7y3tzwHrIqlsIIfvhFJ/OErIxtqsp/vv3omSYZoc7y
mYP6VD3WQyZDEuxB2bYQNiOl/79a119+/zpTyc3PlCzWjW3CPf88R0zQKBWfQM4z
+1R9Mq9z3W5ogEFLU6uJEW/JqWirkShoo0LW0nzOYQ==
=D5Mg
-----END PGP PUBLIC KEY BLOCK-----