This article was published on October 3, 2013

Yahoo reveals a new vulnerability reporting policy with rewards of up to $15,000


Yahoo reveals a new vulnerability reporting policy with rewards of up to $15,000

Yahoo revealed today that it will dole out rewards of up to $15,000 (and starting from $150) to individuals and firms that inform the company of bugs and vulnerabilities classified as new, unique and/or high-risk issues, as part of an updated vulnerability reporting policy.

This is a huge change from what Yahoo has been giving to researchers who have discovered bugs and reported them to the company: a t-shirt. Just a few days ago, Graham Cluley reported that researchers at High-Tech Bridge were rewarded with a $12.50 voucher to buy a corporate t-shirt.

Although the finalized policy will only kick in by October 31, the company is implementing the benefits retroactively back to July 1, 2013.

As it scrambles to brush up its image, Yahoo Paranoids director Ramses Martinez says in a blog post: “If you submitted something to us and we responded with an acknowledgement (and probably a t-shirt) after July 1st, we will reconnect with you about this new program. This includes, of course, a check for the researchers at High-Tech Bridge who didn’t like my t-shirt.”

Martinez adds that the company is improving its reporting process for vulnerabilities, with a new site that will make it easier to inform Yahoo of issues, which will in turn help to improve its overall speed and quality. He says that people who report issues that get validated by Yahoo’s team will be contacted directly in no more than 14 days after submission.

Headline image via Justin Sullivan/Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with