Find A Security Glitch, And Yahoo Will Now Reward You With Cash, Not T-Shirts

Days after the Internet went mad at Yahoo's measly reward for reporting security vulnerabilities, the company sets things right.

[Image: Flickr user AMagill]

If all you got in return for reporting a security vulnerability to Yahoo was a lousy T-shirt, don't fret. The company wants to fix its mistakes and is now paying up to $15,000 to anyone who reports bugs and vulnerabilities classified as new, unique and/or high-risk issues. That is up substantially from the measly $12.50 promo code, redeemable at Yahoo's company store, that it offered before.

"My send a t-shirt idea needed an upgrade," writes Ramses Martinez, director of the Yahoo Security Team, aka Yahoo Paranoids, on the Yahoo Developer Tumblr. "I started sending a t-shirt as a personal 'thanks.' It wasn’t a policy, I just thought it would be nice to do something beyond an email. I even bought the shirts with my own money. It wasn’t about the money, just a personal gesture on my behalf."

Security researchers certainly didn't think so. Geneva-based security firm High-Tech Bridge wrote a strongly worded post on its website after being sent the $12.50 code for reporting three cross-site scripting (XSS) vulnerabilities that could allow any email account to be easily compromised. Yahoo is applying its new policy retroactively back to July 1, 2013, so until High-Tech gets that check in the mail, we hope they enjoy their Yahoo-branded T-shirts.