Yahoo starts $15,000 bug bounty system

Yahoo’s ‘bug bounty’ programme has launched following the t-shirt controversy in October.

The firm will pay up to $15,000 to ethical hackers who can find vulnerabilities in Yahoo’s web services, a much bigger step up from their previous policy of dishing out Yahoo merchandise vouchers to successful hackers.

Writing on Yahoo’s developer blog, the company’s head of security Ramses Martinez said the process had been an "extremely positive" experience.

"It is our hope that the official launch of this program will usher in a new, less-shirt-centric era for security at Yahoo," he said. "We look forward to open and productive collaboration with the community and doing our part to make the Internet more secure."

Martinez claimed last month that he was the person who instigated voucher-based rewards for hackers, even going as far as saying he paid for them out of his own pocket.

As well as increasing the rewards, the process behind bug reporting has been changed. A new, more automated submission service is expected to handle reports faster, while a new, clearer set of guidelines have been published to the bug submission page.

Last month, Yahoo found the headlines after researchers revealed they were paid only $25 for finding two serious XSS vulnerabilities on Yahoo domains.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing