[Year in Review] Yahoo’s Bug Bounty Program: Protecting Our Users Hand-in-Hand with the Security Community

By Ramses Martinez, Senior Director of Investigations, Intelligence, and Response

Users come first at Yahoo and we’re committed to protecting their security. Our security team, which we affectionately call the Paranoids, is continuously monitoring for, analyzing, and responding to many potential threats.

The Paranoids do an amazing job — but in today’s complex security environment we can’t do it alone. This is why in October of 2013 we launched our Bug Bounty program. Through this community effort we invited researchers to report potential technical vulnerabilities to our security team.

Our Bug Bounty program has matured and grown since last October. We are proud to now have more than 600 contributors, and we’ve also paid over $700,000 in bounties to contributing researchers since our launch. In spite of this growth, we haven’t forgotten our roots. This is why we still send the occasional t-shirt to researchers who successfully identify a tech vulnerability of significant value.