Yelp on Tuesday launched a public bug bounty program offering vulnerability reward payouts ranging from $100 up to $15,000 for the “most impactful exploits.” Yelp has been running a private bug bounty program for the past two years, working with select security researchers, but this new public program lets anyone earn rewards.
Yelp is specifically looking for vulnerabilities in its consumer sites (www.yelp.com,m.yelp.com), business owners site (biz.yelp.com), and mobile apps for iOS and Android, as well as its Reservations online management system, blogs, public API, and support site.
“The security team at Yelp is committed to keeping our users, our data, and our platform and services safe and sound,” the team wrote. “If you find a security issue in any of our systems, let us know immediately. We are ready to work with you and make every effort to address the identified vulnerability in a timely manner.”
Yelp said it would publicly acknowledge bug finders in addition to offering cash rewards. The company asked bug finders to avoid throwing DDoS attacks its way, or breaking its systems during their tests.
“We want you to bring out your big guns, but hold off on actually breaking anything,” the team wrote.
