The web giant was criticized by security researchers for paying a measly $12.50 in Yahoo discount vouchers to researchers at High-Tech Bridge for two cross-site scripting (XSS) bugs they had reported. Yahoo's security head, Ramses Martinez, claimed later that he was behind the voucher reward program, and that he had basically been paying for the vouchers out of his own pocket.
Out of the embarrassment, though, has come a much healthier attitude toward white-hat hacking from Yahoo. The web giant has launched a new bug bounty program that allows white hats to submit bugs at bugbounty.yahoo.com and receive rewards between $250 and $15,000, depending on the severity of the bug discovered.
Yahoo has pledged to fix reported problems as quickly as possible, and gives bug hunters the option to be listed on its Wall of Fame, which will show its top ten all-time reporters.
"It is our hope that the official launch of this program will usher in a new, less-shirt-centric era for security at Yahoo. We look forward to open and productive collaboration with the community and doing our part to make the Internet more secure," wrote Martinez.
Written by: James Delahunty @ 2 Nov 2013 2:39