Yelp Launches Public Bug Bounty Program (techcrunch.com)
Yet another company has launched a public bug bounty program to lure in hackers in an effort to find and eradicate vulnerabilities. Yelp is the latest company to do such a thing. Specifically, it is inviting hackers to dissect its websites and mobile application and look for vulnerabilities that could affect reviewers and businesses. In return, it will pay "researchers" who find vulnerabilities, starting at $100 and maxing out at $15,000 "for more complex and critical exploits." TechCrunch reports: "The program, which Yelp is coordinating through the bug bounty platform HackerOne, is a public extension of a bug bounty system that Yelp has privately run for two years. The private version was open to dozens of researchers, who uncovered more than 100 vulnerabilities for Yelp and earned $65,160 in total, and focused primarily on Yelp's main website. Now, Yelp is inviting everyone to test Yelp sites and products. Yelp, which averages 73 million unique visitors to its desktop site and 63 million unique visitors on mobile each month, is asking hackers to cover broad ground -- the bug bounty program includes the company's main website, yelp.com, as well as its business-owners website, apps, reservation platform, corporate blogs, support center, and API."
Here's a solution instead (Score:1)
Have your website done entirely in JPEG.
Re: (Score:1)
Re: (Score:3)
I came here to say the same thing.
Was there ever a more extortionistic web site?
Just for starters, there is no down mod on user comments. And by the way, Amazon removed the down mod on user comments just a few months back. Think about the effect that has...it isn't good.
Also, if you say something highly praiseworthy, Yelp is likely to move your comment to the bottom so no one ever sees it. Of course, you can no doubt BUY a better positioning on Yelp...
Bug Bounties (Score:1)
All they do is raise the price on the black market.
Re: (Score:2)
All they do is raise the price on the black market.
Isn't that a good thing?
Re: (Score:1)
Well yeah, for some people it definitely is. Problem is, what I forgot to mention before, if you try to go the "legitimate" route as the Good Samaritan, you risk getting arrested if you don't report the bugs anonymously and you try to collect the bounty. Why take that kind of chance?
I already report bugs to Yelp. (Score:2)
If I'm somewhere that I'm thinking about Yelp and I see a bug, you can be sure I'll post about it.