Click here to preview the new Fast Company

Want to try out the new

If you’d like to return to the previous design, click the yellow button on the lower left corner.

Find A Security Glitch, And Yahoo Will Now Reward You With Cash, Not T-Shirts

Days after the Internet went mad at Yahoo's measly reward for reporting security vulnerabilities, the company sets things right.

If all you got in return for reporting a security vulnerability to Yahoo was a lousy T-shirt, don't fret. The company wants to fix its mistakes and is now paying up to $15,000 to anyone who reports bugs and vulnerabilities classified as new, unique and/or high risk issues—up substantially from the measly $12.50 promo code it offered before to be used on Yahoo's company store.

"My send a t-shirt idea needed an upgrade" writes Ramses Martinez, director of the Yahoo Security Team, aka Yahoo Paranoids, on the Yahoo Developer Tumblr. "I started sending a t-shirt as a personal 'thanks.' It wasn’t a policy, I just thought it would be nice to do something beyond an email. I even bought the shirts with my own money. It wasn’t about the money, just a personal gesture on my behalf."

Security researchers certainly didn't think so. Geneva-based security firm High-Tech Bridge wrote a strongly worded post on its website after being sent the $12.50 code for reporting three cross-site scripting (XSS) vulnerabilities that could allow any email account to be easily compromised. Yahoo is applying its new policy retroactively back to July 1, 2013, so until High-Tech gets that check in the mail, we hope they enjoy their Yahoo-branded T-shirts.

[Image: Flickr user AMagill]

Add New Comment