Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream.
Yahoo’s days of rewarding security researchers with T-shirts may soon be over.
The company says it’s working on a more formal bounty program, which it hopes will attract researchers by offering rewards as high as $15,000 per bug.
The news comes via a post from Yahoo Paranoids director Ramses Martinez, who says that his company was only days away from announcing the program when Monday’s High-Tech Bridge story hit.
While Martinez notes that most companies offer bug reporters corporate swag in place of money, he also acknowledges that Yahoo isn’t like most companies. With 800 million monthly users, Yahoo has a lot of people counting on it.
Martinez says that the new program will offer an improved reporting process, quicker submission validation, and more rapid recognition for the researchers who report bugs. And then there’s the reward money, which starts at $150 and goes up from there.
“The amount will be determined by a clear system based on a set of defined elements that capture the severity of the issue,” Ramses writes.
For comparison, bounties for Facebook bugs start at $500 and have no maximum; some of Microsoft’s bounties go as high as $100,000; and Google maxes out rewards at $20,000. This puts Yahoo a bit on the low-end in terms of payouts.
The program will formally start on October 31, and should placate people like High-Tech Bridge CEO Ilia Kolochenko, who wrote on Monday that Yahoo needs to take security more seriously.
“If Yahoo cannot afford to spend money on its corporate security, it should at least try to attract security researchers by other means. Otherwise, none of Yahoo’s customers can ever feel safe,” he wrote.
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more