Yahoo plans to pay “researchers” to find bugs

Yahoo is currently looking to start rewarding people who find and report bugs and vulnerabilities with up to $15,000. This is primarily due to the company being heavily criticized for only paying someone $12.50 for finding and reporting a vulnerability. Researchers who find a bug must receive at least $150 for reporting it. Ramses Martinez, the director of Yahoo’s security team, has said that there was no formal process to reward people who reported vulnerabilities and that he would buy and send people t-shirts with his own money.

The article, from SC Magazine, states that he also began buying gift cards. Something like this could help the company’s security a lot by giving people an incentive to actively search for bugs. Word about this could also redirect hacking efforts toward the good of the company, rather than toward hacking it for personal information. I know that if I could get $15,000 for finding a big issue, I definitely would try. What do you think?



2 thoughts on “Yahoo plans to pay “researchers” to find bugs”

  1. Would it be possible to get all $15 thousand as opposed to just $12.50 per bug? Since there are vulnerabilities, I wonder what Yahoo! is doing to help strengthen these weaknesses.

  2. Money being one of the strongest motives to find vulnerabilities (after national security), this decision makes plenty of sense. Still, the rewards are far from being enough to actually make a living from them. It is hard to envision someone working full-time on this.

