Yahoo Finally Announces a new vulnerability reporting policy with rewards of up to $15,000

Internet Giant Yahoo have finally decided to come up with A New Bounty Plans for Security researchers.

After the last week incident with Yahoo providing 12.50$ voucher as bug bounty. and the whole Scene Covered by almost every media groups and bloggers. Yahoo finally came up with a descent Bounty plans for Security researchers. Yahoo revealed today that it will pay rewards upto 12500$, starting from 150$. depending upon the level of risk carried by the Vulnerability.

Ramses Martinez, Director, Yahoo paranids said on a blog post today,
So, I am the guy who started sending t-shirts as a thanks to people when they sent us a potential vulnerability issue. What an interesting 36 hours it has been.

‘i started sending a t-shirt as a personal โ€œthanks.โ€ It wasnโ€™t a policy, I just thought it would be nice to do something beyond an email. I even bought the shirts with my own money. It wasnโ€™t about the money, just a personal gesture on my behalf.’

revealed So Finally the Internet giant came up with the Descent bounty program, although the policy will come in effect from October 31, but the company will be implementing the benefits of the policy retroactively back from july 1 2013.

This includes, of course, a check for the researchers at High-Tech Bridge who didnโ€™t like my t-shirt, said martin.

Martinez, also said how his email was full of complaints and angry mails, about the T-shirt way of thanking,
And then yesterday morning โ€œt-shirt-gateโ€ hit. My inbox was full of angry email from people inside and out of Yahoo. How dare I send just a t-shirt to people as a thanks?

Company is improving the reporting process, and is building a new site for its bug bounty program. which will make the whole process of reporting and fixing the bug more simpler.

Abhishek Kumar Jha
Abhishek Kumar Jha
Knowledge is Power

Read More

Suggested Post