Network Security, Vulnerability Management

Yahoo bug bounty program pays out more than $1 million to researchers

Yahoo has paid more than $1 million to security researchers under its bug bounty program, the company announced in a Tuesday blog post recapping the nearly two year operation.

Calling 2015 a “pivotal year,” the company's interim CEO, Ramses Martinez, wrote that “community engagement is at an all time high” and the team “is able to triage and fix bugs fast than ever.”

Submissions reached the 10,000 mark and approximately 1,500 of those resulted in a reward. Nearly half of submissions are from the top six percent of contributors, the post states, and 87 percent of researchers submit fewer than 10 bugs, or about 34 percent of submissions.

Martinez also pointed out the program's reputation system, which, he wrote, “has made our top vulnerability reporters more meaningful by illustrating not only the number of reports they submit, but the severity value we assigned to each.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.