Offering cash rewards for vulnerability reports has become something of a norm when it comes to big tech companies these days. Think Facebook and Google, and both companies have spent over $1 million each as rewards for bug and vulnerability reports already. It comes as a bit of a surprise then that Yahoo! did not have a cash-reward policy to award to white-hats – yet. The company unveiled a new programme to reward reporters who shed light on bugs and vulnerabilities classified as new, unique and/or high risk issues. Starting October 31, 2013, individuals and firms who report bugs will be rewarded anything between $150-$15,000. The amount, of course, will be determined by a clear system based on a set of defined elements that “capture the severity of the issue”.
The tshirt that launched a Yahoo! revision
The announcement was made by Ramses Martinez, Director, Yahoo Paranoids in a blog post. Yahoo! had come under fire recently for dishing out a mere t-shirt as a reward for reporting bugs. Graham Cluely recently reported that researchers were being rewarded with a $12.50 voucher that can only be used in the Yahoo! Company Store to buy a Yahoo! corporate t-shirt or items like cups, pens and accessories. This resulted in the company conducting the research to hold off any more bug discoveries for Yahoo!In the blog post, Martinez clarified that Yahoo! did not have a concrete programme of rewarding researchers for bugs and vulnerabilities yet. The gift vouchers that were being sent to the researchers came as an act of goodwill on Martinez’s part. He ended up shelling out the money for these from his own pocket, he says.However, the company has decided to be benevolent with its money in order to keep the reports flowing. There have been improvements with regards to reporting, issue validation, issue remediation, recognition and reward and researchers will be rewarded with cash prizes now.
ReadMore:Android Games
No comments:
Post a Comment