April 27, 2022

Announcing: Elite Bug Bounty Program

Note: Verizon Media is now known as Yahoo.

Elite thinking

In 2021, we introduced a brand new part of our public bug bounty program, the Yahoo Elite Program.

  • Special “Invite Only” program
  • Initially limited to ten (10) rotating researchers
  • Cyclical qualifications
  • Credentialed, untouched (brand new) scope
  • Private engineering briefings
  • One or more mini-campaigns during every cycle
  • Priority payout
  • Elite Swag where available
  • Private Slack instance - more open access to The Paranoids
  • Tool automation is strictly throttled. We consider the initial 10 researchers to be of a high standard and expect any issues that may be reported to be higher-severity, higher-quality findings. We are looking for that “what’s in your head” bug, the type that no automated scanner is likely to find.
  • A Non-Disclosure Agreement is required to participate in Elite 
  • Briefings by product teams before campaign launch may be offered around their technology / application
  • Additional perks to be announced

Elite to date

Since we launched this program we have had:

  • 4 cycles
  • 23 participating researchers
  • 9 researchers taking part in more than 1 cycle 
  • Close to $2M paid in bounties 
  • 10 special campaigns focusing on various products, targeted vulnerability hunts and business-centric challenges

How do I get invited to Elite?

  • Be a top 5 hacker on our public program during a cycle!! 
  • Do not have more than two strikes from our program
  • Have completed HackerOne’s Clear Program (hackers who are not CLEAR certified but meet the other qualifications will earn entry to the Elite program during the next cycle following their certification approval)
  • Be over the age of 18
  • Not be a resident of, or an individual located within, a country appearing on any U.S. sanctions lists (such as the lists administered by the US Department of the Treasury’s OFAC).

Here’s the interesting part

Every cycle runs 60-80 days with a few weeks in between for us to clear the cycle, post a leaderboard, and start a new rotation. In short, the bottom 5 performers within the Elite program will be relegated back into the Public program and the top 5 performers within Public will be promoted into Elite.

To keep the Elite program functioning with researchers who show a level of commitment, ambassadorship, and excellent skill sets, it is necessary to use this rotation method. Additionally, given the exclusivity and time the Paranoids are dedicating to the program, we expect our 10 elite researchers to set aside time to dedicate to the Elite program.

We believe not only in keeping our top Elite members engaged, but also in bringing in top 'new blood' that will keep each Elite cycle fresh and bring new eyes to interesting scopes. A newcomer to Public may be knocking it out of the park and clearly committing a lot of time and effort. This rotation gives those researchers in Public who shine the opportunity to get an invite into the Elite program.

Now’s your chance to claim your spot in Elite - check out this ALL NEW PROMO

Promotion 1 - Between May 1 and May 30, earn a 100% bonus on all reports on our Public scope from a pool of $100k, and we’ll make another $100k available if we receive valid reports from 25 or more hackers.

  • Include the code NAHAMCON2022 in your reports to be eligible for the bonus

Promotion 2 - Between May 1 and May 30, earn a 200% bonus on all mobile application reports in our Public scope from a pool of $50k.

  • Include the code NAHAMCON2022M in your reports to be eligible for the bonus

Note:

  • The same report cannot be eligible for both promotions
  • Yahoo’s Bug Bounty team reserves the right to determine promotion eligibility of the report
  • Current Elite cycle participants are not eligible for promotions