Tuesday, October 14, 2014

Yahoo says its Bug Bounty Program has paid out $700,000 in rewards during its first year




Yahoo massively upset the security community last October when it forked out a measly $12.50 (in company vouchers, no less) as a reward for a researcher who identified a major vulnerability within its email service. There’s an expectation that unearthing a significant weakness in a product is followed by a decent level of compensation, but Yahoo bungled that call — a move that subsequently saw it set up a Bug Bounty Program.

One year after its creation, Yahoo says that it has paid out over $700,000 in cash rewards as part of the initiative. The US firm revealed that, all in all, it has seen contributions from over 600 security researchers.

Yahoo’s position is doubtless far stronger than a year ago, when it became a laughing stock for its paltry compensation offer to the researcher who fixed a major email issue.
