10-08-2013, 06:51 AM
taitaguetanja
Yahoo Responds To ‘T-Shirt-Gate,’ Decides To Actually Reward Security Res

Yahoo Responds To ‘T-Shirt-Gate,’ Decides To Actually Reward Security Researchers
By Chris Crum · October 3, 2013

Earlier this week, Yahoo was making some headlines for giving security researchers credit for its online corporate store as a reward for finding security vulnerabilities in Yahoo products.

Researchers at High-Tech Bridge put out a press release calling attention to this, when they were “awarded” $12.50 in store credit per vulnerability, amounting to enough to get a Yahoo-branded t-shirt or a few pairs of socks featuring Yahoo’s old, outdated logo.

Apparently the attention did some good, as Yahoo is now offering anywhere from $150 to $15,000 for rewards. This was announced in a blog post by Yahoo’s Ramses Martinez, titled, “So I’m the guy who sent the t-shirt out as a thank you.”

He says that when he took over the team that works with the security community on issues and vulnerabilities, they didn’t have a formal process, so he wanted to give people t-shirts just to say “thank you,” thinking this would be more courteous than just an email.

“I even bought the shirts with my own money,” he writes. “It wasn’t about the money, just a personal gesture on my behalf. At some point, a few people mentioned they already had a t-shirt from me, so I started buying a gift certificate so they could get another gift of their choice. The other thing people wanted was a letter they could show their boss or client. I write these letters myself.”

He goes on to say that Yahoo was actually putting a new program into place, which would reward researchers for finding vulnerabilities, and that they were just “putting the finishing touches on the revised program, and then…‘t-shirt-gate’ hit.”

You can see his general outline of the program in the post, but essentially, the company will pay out cash rewards in the range mentioned above, with the amount being determined by a “clear system based on a set of defined elements that capture the severity of the issue.”

This should put an end to “t-shirt-gate” (I still prefer the socks angle).

Internet security vet Graham Cluley, who earlier slammed the t-shirt practice, got a statement from High-Tech Bridge in response to Yahoo’s announcement:

“We were not doing our research for money, as we clearly said to Yahoo. However, we are glad that Yahoo is introducing new Bug Bounty Program that will facilitate their relations with security researchers and help them improving their corporate security.

The only unclear point I have right now is comment from their CSO who says that he paid researchers from his own pockets. Such action definitely deserves respect, but does he get his salary by Yahoo vouchers as well?”

Either way, Yahoo’s new program should sit a lot better with security researchers, and perhaps win the company a little more respect in the field. As Cluley notes, however, there is still that matter of the recycled email addresses.

Image: Yahoo Company Store