Since its inception, Yahoo’s Bug Bounty program has received thousands of vulnerability reports from over 6,000 hackers worldwide.
And today, the ten-year-old program is growing with an expansion into Europe through a new public program managed by Intigriti, the continent’s largest bug bounty platform.
To celebrate the launch, Yahoo is also enacting a new type of promotion — offering bonus rewards to Capture the Flag (CTF) players.
Starting today, security researchers participating in the 2023 GlacierCTF are eligible to earn extra cash rewards through Yahoo’s Bug Bounty program.
“We hope that our program will be attractive to CTF-loving researchers,” said Arjun Govindaraju, Yahoo’s Bug Bounty program lead. “By introducing innovative incentives, Yahoo is fortifying its security posture and cultivating the next generation of cybersecurity talent. We’re committed to tapping into the expertise of Capture The Flag champions who possess the skills we value in our bug bounty hackers,” said Govindaraju, referring to “problem-solving under pressure, out-of-the-box thinking, and technical knowledge.”
Here’s how to earn the bonus on Yahoo’s bug bounty program:
- First, work with your team to submit valid and unique vulnerabilities to Yahoo’s bug bounty program through Intigriti 60 days before the CTF. (Any team member may submit the report; make sure you include your team’s name in the report.)
- Once your report is accepted, your CTF team will immediately be eligible to win the bonus
- Finally, after the CTF’s leaderboard is published, if your team is in the top three spots of the CTF, Yahoo will reach out to you to confirm and award the bonus
CTF Bonus Prizes
| Place | Bonus |
| 1st Place | $15000 |
| 2nd Place | $7500 |
| 3rd Place | $3750 |
“Yahoo’s new program will welcome CTF players, helping them monetize the skills they’ve acquired during the competition,” said Inti De Ceukelaire, Intigriti’s Chief Hacker. “We are excited to support Yahoo as they expand their program and introduce their bug bounty hunters to a CTF competition, perhaps for the first time.”
“These rewards will entice CTF players who otherwise would never consider participating in vulnerability disclosure to come out of the woodwork,” said Haqpl (hacker handle), vice-captain of the justcatthefish CTF team. “I think this is a fantastic chance to bridge two areas of security that are closely aligned yet have their own unique challenges.”
If you are organizing a CTF competition with more than 30 teams participating, you can submit your CTF for eligibility for the bonus program through this form.
Disclaimer: Neither Yahoo — nor Intigriti — are affiliated with the GlacierCTF. The promotion being offered is simply centered around rewarding top teams and players who also contribute to Yahoo’s Bug Bounty program.