Boston, MA 10/07/2013 (wallstreetpr) – Most major tech companies pride themselves on the security they offer to their users, but they are also aware that regardless of the measures that are put in place, vulnerabilities will still exist. Because of this, it is quite common in Silicon Valley for tech companies to have bug bounty programs in place so that security researchers or hackers who discover and expose existing vulnerabilities in their software can be rewarded for it. Google rewards as much as $20,000 for a verifiable discovery, Facebook just paid $12,500 to a tester who discovered a bug on their site, and Microsoft offers a bounty up to $100,000. Yahoo! Inc. (NASDAQ:YHOO) seems not to appreciate the importance of the arrangement, as a recent incident that came to light shows.
A team of researchers from the Swiss firm High Tech Bridge decided to run tests on websites belonging to Yahoo and found serious vulnerabilities, which were immediately reported. The bugs were serious and could have allowed a malicious user to gain access to any user's email and possibly to sensitive personal information. Security testers at Yahoo confirmed that the bugs did exist and moved immediately to have them fixed.
For their efforts, the High Tech Bridge team was awarded $25 in vouchers, not cash, and the vouchers are only redeemable for products from the Yahoo company store like pens, cups, T-shirts, etc. Although the company is not under any obligation to make payments in situations like this, the reality is that bugs such as those that were found could easily have been sold on the black market for huge sums of money, and if a Yahoo customer falls victim to a security breach, it could have devastating effects on the company’s image and eventually on its bottom line.
As the CEO of High Tech Bridge so aptly stated, Yahoo needs to reevaluate its position on the matter, since it cannot afford to make any enemies where the security of its websites is concerned.