Monday 4 November 2013

Yahoo launches $15,000 bug bounty system after t-shirt scandal

Yahoo
Yahoo's long-anticipated bug bounty programme has launched following October's "T-Shirt gate" controversy.
The web firm will now pay up to $15,000 to ethical hackers who find vulnerabilities in its web services, a bigger offering than its previous policy of providing Yahoo merchandise vouchers.
Writing on Yahoo's developer blog, the company's head of security Ramses Martinez said the process had been an "extremely positive" experience.
"It is our hope that the official launch of this program will usher in a new, less-shirt-centric era for security at Yahoo," he said. "We look forward to open and productive collaboration with the community and doing our part to make the Internet more secure."
Martinez claimed last month that he was the person who instigated voucher-based rewards for hackers, even going as far as saying he paid for them out of his own pocket.
In addition to ramping up the rewards for finding security flaws, the process behind bug reporting has been overhauled, according to Yahoo. A new, more automated submission service is expected to handle reports faster, while a new, clearer set of guidelines have been published to the bug submission page.
Yahoo's seemingly inadequate bug bounty reporting system found itself in the limelight after researchers from security firm High-Tech Bridge revealed they had been paid $25 for the discovery of two relatively serious XSS vulnerabilities on Yahoo domains.
In a subsequent blog post, Yahoo's Martinez claimed the submission and recompense process had already been undergoing an overhaul even before High-Tech Bridge's blog post although the timing of the claim seemed a little too well-timed. For hackers who still want Yahoo merchandise T-shirts are still on offer.

No comments:

Post a Comment