Yahoo To Offer Bug Bounty Rewards Up To $15,000
aesoteric writes "Yahoo is set to launch its first formal bug bounty system after Swiss pen testers complained about the $12.50 vouchers offered for locating XSS vulnerabilities. The web giant also said the voucher rewards were informal and actually funded out of the pockets of the company's own IT security staff."
In other news... (Score:5, Insightful)
...The once powerful Yahoo grasps at straws to attract developers back after fucking them over for a few years...
Re: (Score:2)
Well, actually from 1787 they were 3/5ths of a human.
I don't think the word has any place in polite usage, but this is the internet.
Re: (Score:2)
Nope, didgeridoo players and even Kenny G beat them hands down on this: Circular breathing [wikipedia.org]
Re: In other news... (Score:1)
Go home Ballmer. You are drunk. And fired.
Re: (Score:1)
Yahoo Finance is very good.
Re: (Score:2)
...The once powerful Yahoo grasps at straws to attract developers back after fucking them over for a few years...
Perhaps even the non-developers — the Yahoo! Yodeler, Wylie Gustafson [sfgate.com] is one that comes to mind from over a decade ago.
But... (Score:2)
Do you still get the T-shirt?
Re: (Score:1)
We have an open relationship.
Re: (Score:1)
Don't worry about testing--your mom checked out great last night.
Dude? Seriously? You penetration tested mom? Uh, I don't mean to be a downer, but I hope you used a Trojan... If not, you should get tested for viruses.
Re: (Score:1)
You still use both IE and Yahoo? How quaint...
Re: (Score:2)
What about the comet cursors?
Definition of Scrooge (Score:3)
the web giant also said the voucher rewards were informal and actually funded out of the pockets of the company's own IT security staff
I don't know how many T-shirts they gave out, but I am led to believe it wasn't many. If someone freely, out of their own good will, helps you out at your job, and you can only manage to pony up $12.50, that is just an insult. I personally would prefer just an email of thanks than that!! Hell, a case of beer maybe!!
I bet these guys aren't first in line to order a round on Friday night.
Re: (Score:2)
The Yahoo store sells six packs of beer?
Re: (Score:2)
Only because we expect the humans giving us gifts to know us well enough to make it a bit more personal. In contrast, I want Yahoo to know as little about me as possible. They can send me $12.50 in BTC to an anonymous address, for all I care about how they reward people.
Uncle Tony writing a $12.50 check: Crass. Yahoo writing a $12.50 check: Insultingly ch
Re: (Score:3)
I don't know...
Yes, someone did notify you of something you probably didn't realise yet. And it might have become a problem for the company later on... if the wrong people found out just that. That person did it freely and out of his/her own good but it doesn't necessarily make your job easier (maybe even harder because now you have to solve this while there are already enough other problems on your plate). It won't reduce your workload... your employer has enough other things for you to do... it won't get
Re:Good luck getting paid (Score:4, Interesting)
What about labor laws? (Score:2)
Someone may just say they did work and did not get paid, and there is a full list of other stuff to come out. Let's say someone works there and tells a friend about bugs they know about so that friend can get paid to tell them about it? Or even that is the way to get past the PHB.
Undestroy (Score:3)
Talk about your risk (Score:2)
A modest bug bounty proposal (Score:2)
I've had a couple of friends whose Yahoo email contacts, including me, got sent spams which were crafted to appear as though the spam was from the friend. The spams contained links presumed to be armed and dangerous. I wonder if Yahoo has a bug bounty for that one? Heck, I'd chip in ten bucks myself if somebody would fix that.
Found one (Score:2)
It's big, about the diameter of a silver dollar. Six legs, shiny black body, big pincers and semi-transparent wings. It's sitting on cowboyneal's head.
Damage Control (Score:3)
Yahoo is set to launch its first formal bug bounty system after Swiss pen testers complained about the $12.50 vouchers offered for locating XSS vulnerabilities
In other words, Yahoo realized since word got around how lame their rewards were for reporting security vulnerabilities people were more likely to start looking to see how much more they could get selling them to the bad guys instead.
C'mon Now... (Score:1)
Hey, $15,000 will keep you in t-shirts and coffee mugs for life!
"Up to" - marketing magic (Score:2)
Re: (Score:2)
There is no wrong in your statement about $12.50 comes under "Up To $15,000,";
So there is no circumstance where you would give me up to $1,000,000 in correlation to proving you wrong on the above.
This is where I could prove you wrong.
But giving me up to $1.000.000 for proving you wrong would prove you right.
Finally, the only possible income of all this is:
- You have to give me more than $1.000.000 for proving you are wrong on advertising a reward to an impossible circumstance.
- And the reward has to be
Commend the Out of Pocket Expense (Score:2)
That also just lowers the credibility of Yahoo. They have to have their own employees pay for things in order to operate... Sounds like a startup.
So we can expect... (Score:2)
Of course, that would still sound better than giving out an insulting coupon for company swag.
All I got... (Score:1)
This is actually worse. (Score:1)
Before, it was Yahoo being cheap. Now it's Yahoo also screwing their own staff.
I swear I thought I saw... (Score:2)
..."Yahoo To Offer Bugs Bunny Rewards Up To $15,000"
Darn floaters.