Skip to main content

Yahoo has splashed out over $1mn in bug bounty payments

Yahoo has announced that it has paid out in excess of $1 million to resourceful bug hunters who have sniffed out and reported security vulnerabilities.

The new Bug Bounty program from Yahoo marks a major change in terms of paying out decent wedges of cash for the discovery of a flaw, instead of the vouchers for T-shirts and other dubious Yahoo branded merchandise that the web giant used to give out.

The company noted that it has received 10,000 bug reports since the program kicked off, and 1500 of these have been given a bounty payment – meaning the average payment is something in the order of $670 (around £430).

Yahoo also stated that around 1800 participants are in the program, with a third of these having reported verifiable bugs. Half of all submissions are from the top 6 per cent of contributors, so things are weighted pretty heavily towards these tech-savvy dedicated bug hunters.

Ramses Martinez, Senior Director, Interim CISO at Yahoo, commented: “In the last year, the program evolved from a community sourced method of finding vulnerabilities to a key component of our application security program. One great example is how our Bug Bounty has become a feedback loop to determine the effectiveness of our application security controls.

“Our team uses each vulnerability report as a way to measure the impact of our developer training, effectiveness of scanning tools, and efficacy of source code reviews. This approach, over time, will lead to more secure applications and more secure Yahoo users.”

Darren Allan

Darran has over 25 years of experience in digital and magazine publishing as a writer and editor. He's also an author, having co-written a novel published by Little, Brown (Hachette UK). He currently writes news, features and buying guides for TechRadar, and occasionally other Future websites such as T3 or Creative Bloq and he's a copy editor for TechRadar Pro. Darrran has written for a large number of tech and gaming websites/magazines in the past, including Web User and ComputerActive. He has also worked at IDG Media, having been the Editor of PC Games Solutions and the Deputy Editor of PC Home.