Yahoo Has Paid Out $1 Million to Security Researchers
According to a new post by Yahoo’s interim CISO, Ramses Martinez, the company’s budding bug report incentive program has now paid over $1 million. Some of the rewards have been as high as $15,000, and the lowest possible reward is $150. In the early days of Yahoo, the company would give a bug finder $12.50, no matter how important the bug they found was.
Martinez explained that a rating system had been implemented on the bug bounty platform as well. The rating system allows the company to know, at a high level, how important the contributions of each bug finder have been.
The reputation system has made our list of top vulnerability reporters more meaningful by illustrating not only the number of reports they have submitted, but the severity value we assigned to each. The reputation system also gives researchers a quantifiable way to compare their skills with the rest of the participants in the program.
Yahoo’s bug bounty program has been named one of the essential security programs of our time. The argument has long raged as to whether benevolent hackers who find vulnerabilities need the incentive to report them or not. For Yahoo’s part, the company has seen a serious increase in participation since becoming more serious about the awards it is willing to give bug finders.