Offering cash rewards for vulnerability reports has become something of a norm when it comes to big tech companies these days.
Yahoo has changed its bug bounty policies following a deluge of negative
feedback in the wake of the news that ethical hackers were rewarded with $12.50 in gift vouchers for security flaw discoveries.
The company unveiled a new program to reward reporters who shed light on
bugs and vulnerabilities classified as new, unique and/or high risk
issues. Starting October 31, 2013, individuals and firms who report bugs
will be rewarded with anything between $150-$15,000.
"The amount will be determined by a clear system based on a set of defined elements that capture the severity of the issue," Director of security, Ramses Martinez, announced.
Yahoo denied that its new program was a response to the criticism, saying it was already working on a new bug bounty system before the furore.
Martinez begins by labelling himself as the "So I’m the guy who sent the T-shirt out as a thank you." Martinez says that before there was no formal process to recognize and reward Bug Hunters.
He said that the security team "didn't have anything formal for thanking people", so he began sending out the T-shirts as a thank-you.
Martinez writes: "I started sending a T-shirt as a personal "thanks."
It wasn't a policy, I just thought it would be nice to do something
beyond an email. I even bought the shirts with my own money. It wasn't
about the money, just a personal gesture on my behalf. At some point, a
few people mentioned they already had a T-shirt from me, so I started
buying a gift certificate."
"The fact that Yahoo is changing their programme is a good sign
because it will definitely help them to facilitate relationships with
security researchers," he said.
Another important announcement is that anyone who has already submitted a
bug report or security issue is that the reward program will be
backdated to July 1, 2013, so there could be checks dropping through
mailboxes in the near future.
0 comments:
Post a Comment