engine - 5:59 pm on Oct 3, 2013 (gmt 0)
Finding and reporting a serious bug at Yahoo has now gotten a whole lot more worthwhile.
Following the aftermath of a security firm revealing its reward -- $12.50 t-shirts -- for finding severe vulnerabilities in Yahoo services, the tech giant has begun a review of its Bug Bounty policies.Yahoo Reviews Its Bug Report Policy: T-Shirts Weren't Enough! [zdnet.com]
Amongst the new policy items, the reward is now more substantial ...
Reward: Perhaps the most important part -- the t-shirts are history, and will be replaced with rewards between $150 - $15,000 for vulnerabilities classified as "new, unique and/or high risk." The new policy will be released by the end of October 2013. In the meantime, to appease disgruntled t-shirt holders, the firm will implement the new policy retroactively back to July 1, 2013