Yahoo bug bounty program goes live


Rewards up to $15,000.

Yahoo's bug bounty program has gone live. It will reward security professionals for finding bugs in its applications on yahoo.com, flickr.com and related mobile and client-side apps.

Bug bounty hunters who discover vulnerabilities in anything else related to Yahoo will be recognised in “another way,” according to the official release.

Rewards range from $250 to $15,000 based on the severity of the flaw. In order to qualify, the bug bounty hunter must be the first to report the issue and must give the Yahoo security team enough time to respond to and correct the vulnerability before it is made public.

Flaws that will be considered for monetary rewards include cross-site scripting, SQL injection, open redirect, remote code execution, cross-site request forgery, directory traversal, information disclosure, content spoofing and clickjacking. Yahoo will respond accordingly to other reported vulnerabilities.

The move appears to be a response to a media debacle in early October, after a Swiss penetration testing firm was rewarded $25 in Yahoo store credit for alerting the internet corporation to three significant cross-site scripting flaws.

The flaws, which affected the ecom.yahoo.com and adserver.yahoo.com domains, could allow any "@Yahoo.com" email account to be compromised if a logged-in user clicked a malicious link sent by a saboteur.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition