Forget the T-shirts! Yahoo boosts bug bounty to $15,000
Yahoo is vastly increasing the bounty bug-hunters can hope to grab if they report a security issue to the company. The internet giant came in for criticism last month after a group of researchers discovered a scripting vulnerability and were rewarded with a Yahoo voucher for $12.50 -- which could only be used to purchase Yahoo merchandise. The company now sees the error of its ways and is increasing the rewards it offers, potentially up to $15,000.
Bugs and security issues are to be expected with all software -- it's an unfortunate reality that problems can and do arise. It is difficult for any developer to test every possible usage scenario, so it is often the users who discover problems with apps and online services. It is not uncommon for big-name companies to offer some form of compensation for helping out. Yahoo has already demonstrated its enthusiasm for improving security with its two-factor authentication features second sign-in and App Password.
Director of Yahoo Paranoids -- the company's security team -- Ramses Martinez explains all in a blog post. He says that while Yahoo is quick to work on issues that are pointed out, the company "didn’t have anything formal for thanking people", going on to say that the ridiculed t-shirts were paid for out of his own pocket -- as were the $12.50 gift certificates that replaced them.
But more importantly, Ramses also reveals details of the new reward program. There is a sliding scale which is dependent on the severity of the bug that is reported, but bug-hunters can now expect to pocket anything from $150 to $15,000. Full details of the program are yet to be finalized and published, but the new policy will come into effect at the end of October.
The great news for anyone who has already submitted a bug report or security issue is that the reward program will be backdated to July 1, 2013, so there could be checks dropping through mail boxes in the not-to-distant future.