Wednesday, November 6, 2013

Yahoo launches $15,000 bug bounty program

Yahoo launches $15,000 bug bounty after $12.50 company voucher debacle
Web portal Yahoo launched a bug bounty programme on Friday following the scandal that unravelled last month, which saw a security firm rewarded with a $12.50 Yahoo Company Store voucher for uncovering a security flaw.

In what is good news for security researchers, Yahoo said that the bounty programme will now pay up to $15,000 to ethical hackers who find vulnerabilities in its web services, a much bigger reward than its previous policy of offering a company t-shirt. Read more at The Inquirer

Yahoo offers $15,000 to bug hunters
Yahoo is seeking to entice bug hunters with rewards of up to $15,000, depending on the severity of the bug found. The web giant was criticized by security researchers for paying a measly $12.50 in Yahoo discount vouchers to security researchers at High-Tech Bridge for two cross-site scripting (XSS) bugs they had reported. Yahoo's security head, Ramses Martinez, claimed later that he was behind the voucher reward program, and that he basically had been paying for them out of his own pocket. Read more at AfterDawn Oy

Following controversy, Yahoo officially launches bug bounty program
As promised, Yahoo formally kicked off its bug bounty program late last week, aiming to correct what many in the security industry viewed as a misstep after it handed out a paltry $12.50 credit to a researcher for discovering a cross-site scripting error.

The company caught flak in September when it was reported that the $12.50 – a scant prize as it is – came as a discount code that could be used toward Yahoo-branded merchandise like t-shirts, cups and pens from its store. Read more at Threatpost
