For a while there I thought there had been so much bad news for Yahoo recently, that it ran the risk of wrestling the security dumbo award from its normal home in the tight grip of the Oracle Java team.
Leaving aside the absurd debacle of its recycled email address scheme, and its CEO not thinking that having a passcode on her smartphone might be a good idea, they found themselves in the firing line for their "Find a bug in Yahoo Mail and we'll give you $12.50 to buy one of our lousy t-shirts" slap-in-the-face for vulnerability researchers.
However, Yahoo appears to be trying to mend some of the damage.
In a self-effacing blog post entitled "So I'm the guy who sent the t-shirt out as a thank you", Ramses Martinez, a director for Yahoo Paranoids (one assumes that's the cutesy name for Yahoo's security department) described the new bounty programme. [Screesnshot]
Continued : http://grahamcluley.com/2013/10/yahoo-bug-bounty/
Yahoo! Finds! Cash! Behind! Sofa! For! Proper! Bug! Bounties!
Yahoo Promises Rewards of up to $15K / €11K for Reporting Vulnerabilities
Yahoo abandons T-shirt rewards for vulnerability information