Slashdot Mirror


Yelp Launches Public Bug Bounty Program (techcrunch.com)

Yet another company has launched a public bug bounty program to lure in hackers in an effort to find and eradicate vulnerabilities. Yelp is the latest company to do so. Specifically, it is inviting hackers to dissect its websites and mobile application and look for vulnerabilities that could affect reviewers and businesses. In return, it will pay "researchers" who find vulnerabilities, starting at $100 and maxing out at $15,000 "for more complex and critical exploits." TechCrunch reports: "The program, which Yelp is coordinating through the bug bounty platform HackerOne, is a public extension of a bug bounty system that Yelp has privately run for two years. The private version was open to dozens of researchers, who uncovered more than 100 vulnerabilities for Yelp and earned $65,160 in total, and focused primarily on Yelp's main website. Now, Yelp is inviting everyone to test Yelp sites and products. Yelp, which averages 73 million unique visitors to its desktop site and 63 million unique visitors on mobile each month, is asking hackers to cover broad ground -- the bug bounty program includes the company's main website, yelp.com, as well as its business-owners website, apps, reservation platform, corporate blogs, support center, and API."

14 comments

  1. Here's a solution instead by xushi · · Score: 1

    Have your website done entirely in JPEG.

    1. Re:Here's a solution instead by Anonymous Coward · · Score: 0

      the whole fucking site is a bug. delete yelp.com from the internet root dns. done. i found the biggest problem, i delivered the best possible fix for said problem, now pay up. instead of sending me a bounty, run around the outside of your soon-to-be vacated office, nekkid, with a sign that reads 'yelp is a scam' and never touch the internet or a computing 'device' ever again.

    2. Re:Here's a solution instead by JamesKeane7745 · · Score: 1

      Nice try at looking clever, but .com is in the root zone file, not yelp.com. Please, please, please never do any DNS work on any issues I haNXDOMAIN.

  2. I report www.yelp.com by Anonymous Coward · · Score: 0

    Do I win?

    1. Re:I report www.yelp.com by justthinkit · · Score: 2

      I came here to say the same thing.

      Was there ever a more extortionistic web site?

      Just for starters, there is no down mod on user comments. And by the way, Amazon removed the down mod on user comments just a few months back. Think about the effect that has...it isn't good.

      Also, if you say something highly praiseworthy, Yelp is likely to move your comment to the bottom so no one ever sees it. Of course, you can no doubt BUY a better positioning on Yelp...

      --
      I come here for the love
  3. Bug #0 by Anonymous Coward · · Score: 0

    Bug #0 is Yelp's business model: suppress positive reviews (and rank negative reviews higher) for businesses that don't pay the protection fee; hide negative reviews (and rank positive reviews higher) for businesses who do pay the protection fee. Yelp is a fucking scam.

  4. waste of time by Anonymous Coward · · Score: 0

    Biased paid-for reviews with narrow geographic coverage. Yelp on my phone stopped working unless on wifi, and even a reinstall won't fix that. Searching for security vulnerabilities for an app like that is a waste of time even if they pony up cash for that.

  5. Fail. by Anonymous Coward · · Score: 0

    Less and less reasons to come to this site.

  6. Bug Bounties by fustakrakich · · Score: 1

    All they do is raise the price on the black market.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Bug Bounties by ShanghaiBill · · Score: 1

      All they do is raise the price on the black market.

      Isn't that a good thing?

    2. Re:Bug Bounties by fustakrakich · · Score: 1

      Well yeah, for some people it definitely is. Problem is, what I forgot to mention before, if you try to go the "legitimate" route as the good samaritan, you risk getting arrested if you don't report the bugs anonymously and you try to collect the bounty. Why take that kind of chance?

      --
      “He’s not deformed, he’s just drunk!”
  7. Too cheap by Anonymous Coward · · Score: 0

    Multiply those bounties by 10-100.

  8. I already report bugs to Yelp. by mr_mischief · · Score: 1

    If I'm somewhere that I'm thinking about Yelp and I see a bug, you can be sure I'll post about it.

  9. look up Botto bistro by Anonymous Coward · · Score: 0

    For those who don't know the story, they've been trolling Yelp for years.