September 28, 2023
Yahoo has partnered with Intigriti, a global leader in crowdsourced security, to launch a new public bug bounty program. The cybersecurity partnership officially launches today and expands Yahoo’s reach into the global crowdsourced security community.
Under the terms of the new partnership, Yahoo’s bug bounty program will be hosted by Intigriti and open to the 75,000 ethical hackers who are registered on the cybersecurity platform, along with anyone else who wishes to take part.
According to Arjun Govindaraju, Technical Principal Security Engineer at Yahoo: “Expanding our bug bounty program with Intigriti gives us a bigger outreach to the global ethical hacker community. We want to cater to as many people as possible and provide the best service possible to our users.”
Bounty payout rates under the new Yahoo program are on a scale that’s proportional to potential impact. Researchers can earn between $100 and $500 for low-ranked vulnerabilities, up to $10,000 for high-rated flaws, and between $10,000 and $15,000 for any critical issues discovered.
Nearly 70 assets are in scope under the new program, including Yahoo’s high-value web domains, APIs, and Search services, along with Yahoo Shopping, Yahoo Mail, and media brands Yahoo News and Yahoo Sports.
The launch of the new public bug bounty program from Yahoo comes as organizations around the world increasingly turn to crowdsourced security solutions to help improve their security posture.
This new initiative follows a previous partnership between Yahoo and Intigriti. Last year, the US tech and media giant worked with Belgium-based Intigriti to host a live hacking event in Antwerp.
The event was a significant milestone in Yahoo’s long-standing cybersecurity program, as it helped cement the organization’s reach into Europe’s ethical hacking community.
Stijn Jans, CEO of Intigriti, said: “Yahoo’s decision to partner with Intigriti affirms our commitment to delivering exceptional crowdsourced security solutions to our clients. We are honored to be chosen by Yahoo to host their new public bug bounty program, and we look forward to working closely with them to expand their outreach.”
Visit Yahoo’s public bug bounty page on the Intigriti website for full program details.
Entering the CTF arena
To maintain the motivation and commitment of their top talent in safeguarding their assets, Yahoo’s Paranoids security team is offering above-market rewards and invitations to exclusive live hacking events for those who still manage to find weaknesses in their applications. To raise the stakes even further, Yahoo now has the first-ever bug bounty program to offer ethical hacking teams generous cash rewards for topping the leaderboard in select Capture The Flag (CTF) competitions, as long as they have recently contributed to the bug bounty program.
This move aims to attract top cybersecurity talent, especially from the CTF community, and foster collaboration among ethical hackers. While retaining and stimulating the existing audience remains a top priority, Yahoo recognises that attracting the next generation of talent will be important to bring continuous value to their program in the many years to come.
Intigriti specializes in crowdsourced cybersecurity services that help organizations protect themselves from cybercrime and data breaches.
The company’s leading bug bounty platform enables companies to tap into a global community of 75,000 ethical hackers, who use their unique expertise to find and report vulnerabilities in a secure process to protect businesses.
Founded in 2016, Intigriti has a global team of employees based in Belgium, the UK, the Netherlands, South Africa, Austria, and Ireland.
The company’s mission is to lead the path to global crowdsourced security and make ethical hacking the number one choice for companies and security researchers.