1. Home
  2. Forums Index
  3. Local / Foo 11:00 am May 21, 2026

Forum Moderators: open

Message Too Old, No Replies

Yahoo Reviews Its Bug Report Policy: T-Shirts Weren't Enough!

         

engine

5:59 pm on Oct 3, 2013 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Finding and reporting a serious bug at Yahoo has now gotten a whole lot more worthwhile.

Following the aftermath of a security firm revealing its reward -- $12.50 t-shirts -- for finding severe vulnerabilities in Yahoo services, the tech giant has begun a review of its Bug Bounty policies.Yahoo Reviews Its Bug Report Policy: T-Shirts Weren't Enough! [zdnet.com]


Amongst the new policy items, the reward is now more substantial ...
Reward: Perhaps the most important part -- the t-shirts are history, and will be replaced with rewards between $150 - $15,000 for vulnerabilities classified as "new, unique and/or high risk."
The new policy will be released by the end of October 2013. In the meantime, to appease disgruntled t-shirt holders, the firm will implement the new policy retroactively back to July 1, 2013

tangor

10:34 pm on Oct 3, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Dang it! The only bugs I've found recently are in my kitchen! (All squashed, of course!)

I never did get their thought process behind the t-shirts... though I might have left the "r" out in conversation with other brothers of the web. :)

Doing things on the cheap, or thinking folks will be happy with a t-shirt for discovering and reporting (instead of taking advantage of) serious security, has been an amazement.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Local / Foo 11:00 am May 21, 2026