Yahoo is currently looking to start paying rewards of up to $15,000 to people who find and report bugs and vulnerabilities. This is primarily due to the company being heavily criticized for paying someone only $12.50 for finding and reporting a vulnerability. Researchers who find a bug must receive at least $150 for reporting it. Ramses Martinez, the director of Yahoo’s security team, has said that there was no formal process to reward people who reported vulnerabilities and that he would buy and send people t-shirts with his own money.
The article, from SC Magazine, states that he also began buying gift cards. Something like this could help the company's security a lot by giving people an incentive to actively search for bugs. Word about this could also redirect hacking efforts toward the good of the company, rather than toward hacking it for personal information. I know that if I could get $15,000 for finding a big issue, I definitely would try. What do you think?