This article talks about how Yelp is offering up to $15,000 in a new “Bug Bounty” program for security researchers. Any of the Yelp-owned sites is part of this program. Yelp is particularly worried about vulnerabilities that result in “...sensitive data disclosure, data injection/exfiltration, insecure session management, etc.” These types of programs are very interesting. The company not only provides an incentive to researchers if they find a critical bug, but it also allows the researchers to legally try to penetrate the site, which might satisfy their desire to test out their skills. This also gives an opportunity to raise awareness for cyber security among the public. I hope more companies employ tactics like this in order to combat vulnerabilities.
http://www.securityweek.com/yelps-new-bug-bounty-program-promises-15000-payouts
Wade Mackey says
This can be a lot of work, but is a good way to establish your credentials. Just don’t expect the top payoff. That is reserved for very significant finds.
Wade
Scott Radaszkiewicz says
Ahmed,
I love this article. To me, someone at Yelp is pretty smart. Basically they’re getting bug testing done by all the hackers of the world and they’ll pay you anything they want, up to $15,000!
It’s also great advertising! Way to go Yelp!
Scott