Several vulnerabilities identified in TheCartPress WordPress plugin
Several vulnerabilities identified in TheCartPress WordPress plugin

Oath has rolled out a unified bug bounty program, rolling existing bug bounty initiatives across its four different programs—Tumblr, Yahoo, Verizon Digital Media Service (VDMS) and AOL—into a single offering on the HackerOne platform.

“Surfacing vulnerabilities and resolving them before our adversaries can exploit them is essential in helping us build brands people love and trust,” said Chris Nims, CISO and Paranoid in Chief at Oath. 

Nims said programs across the four entities have paid out more than $3 million in bounties over four years and its network of researchers has swelled to more than 3,000.

The unified program's kick-off at a live nine-hour hacking event with 40 researchers last weekend in San Francisco resulted in more than $400,000 being paid out.

Under the new initiative, “security researchers will be able to work on the AOL, VDMS and Tumblr properties on an invite-only basis, while the Yahoo properties will be open to the public,” said Nims.