Abstract
One of 2013's more poignant blog posts came in October from Ramses Martinez, director of Yahoo's bug-finding division Yahoo Paranoids, under the title, ‘So I'm the guy who sent the T-shirt out as a thank you’. Martinez was responding to a storm of criticism he had run into for offering researchers at High-Tech Bridge – who had discovered three cross-site scripting (XSS) vulnerabilities that could compromise Yahoo user accounts – the company's then usual ‘thank you’ of a $12.50 gift voucher per bug, replacing the Yahoo T-shirt that Martinez had previously sent researchers as a personal thanks. There are now over 200 ‘bug bounty’ programmes worldwide, offering researchers anything up to $150,000 for finding serious website or app vulnerabilities. But with the black market in software exploits still thriving, the world of bug hunting is still shrouded in mistrust between vendors and researchers. Tim Ring looks at the different and sometimes unconventional ways in which the bug hunting industry is developing.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
