Yahoo! has taken a step further its reward programme for friendly hackers and security researchers by announcing it that will offer rewards of up to US$1,500.
In a blog post, the company said it was planning to announce the programme later this month, but had to move fast as some of the people it had rewarded with T-shirts sent angry emails to the company.
Ramses Martinez, Yahoo!’s security team director, revealed in the post he had personally sent researchers T-shirts and thank you notes as a reward for uncovering vulnerabilities.
“It wasn’t a policy, I just thought it would be nice to do something beyond an email,” Martinez said. “I even bought the shirts with my own money. It wasn’t about the money, just a personal gesture on myself.”
Yahoo! will now reward individuals and firms who identify bugs with an amount starting from US$150 up to US$1,500 and a formal recognition in form of an email or a written letter.
In the case a researcher uncovers really serious bugs and vulnerabilities, Yahoo! will induct them in a newly created hall of fame.
Martinez added the programme is intended to take effect from July 1, 2013, and all researchers who reported bugs after the stated date will be rewarded.
The new policy is still in development and Yahoo! will be releasing the final policy by the end of the month.