Intigriti Customer Story: Yahoo

How Yahoo is optimizing its Bug Bounty Program for enhanced researcher collaboration

To evolve their Bug Bounty program, the Yahoo team is thinking about reassessing their scope and tables to increase rewards for core products, to ensure they focus on the right things that have the most impact.

With the support of Intigriti, the Yahoo team is also adapting to emerging threats and vulnerability trends by looking for the uniqueness in reports. When a report comes in, they look at it for individuality to figure out whether it is based on publicly available research, whether it is new and novel research that a person has developed, or whether it is based on CVEs that are public. Vulnerabilities can be like fashion cycles: as security research comes out, it is hot, it peaks, and then it fades away as the security matures. But this is cyclical, and the old becomes new again, with new novel research added each time.

Intigriti's Bug Bounty has been effective in hardening the attack surface of Yahoo, helping to inform them of areas of interest that they should look at more broadly and deeply, to then pass off to their internal security teams.