Yelp's Bug-Finding Program Rewards Hackers for Finding Weaknesses

By: Joey Haar - Sep 7, 2016
References: hackerone & thenextweb
As part of a push for better cyber security, Yelp, the de facto king of online restaurant reviews, is allowing the hacker community to take part in its bug bounty program. The program essentially rewards hackers for discovering legitimate vulnerabilities within the Yelp network, offering a minimum of $100 and a maximum of $15,000. According to Yelp's official bug bounty program page, the average bounty reward is approximately $500.

Aside from the main Yelp page (i.e. the consumer site,) the bug bounty program extends to business owners' pages, Yelps apps, its reservations, the support center, and its API. While Yelp will review any potential bugs before awarding a bounty, the process is relatively quick, with an average of 13 hours before a hacker receives a response from the site and 15 days until the bug is assessed and the bounty awarded.