TechCrunch has just reported that Yahoo has paid bug hunters $700,000 in rewards during the Bug Bounty Program’s first year.
The program is a reaction to the security community’s complaints that the company was taking advantage of researchers by paying them a mere $12.50 in company vouchers for finding weaknesses in Yahoo’s products. In an attempt to clean up their image among the security community Yahoo is boasting that it has paid out over $700,000 to more than 600 researchers so far. – And has even sent out some T-shirts to researchers who find vulnerabilities of significant value.
With the launch of the Bug Bounty Program, payouts have gone from $12.50 to a range of $50 to a maximum of $15,000.