One of 2013's more poignant blog posts came in October from Ramses
Martinez, director of Yahoo's bug-finding division Yahoo Paranoids, under the title, 鈥楽o I'm the guy who sent the T-shirt out as a thank you鈥? Martinez was responding to a storm of criticism he had run into for offering researchers at High-Tech Bridge - who had discovered three cross-site scripting (XSS) vulnerabilities that could compromise Yahoo user accounts - the company's then usual 鈥榯hank you鈥?of a $12.50 gift voucher per bug, replacing the Yahoo T-shirt that Martinez had previously sent researchers as a personal thanks.
There are now over 200 鈥榖ug bounty鈥?programmes worldwide, offering researchers anything up to $150,000 for finding serious website or app vulnerabilities.
But with the black market in software exploits still thriving, the world of bug hunting is still shrouded in mistrust between vendors and researchers. Tim Ring looks at the different and sometimes unconventional ways in which the bug hunting industry is developing.