Yahoo recently came under fire for rewarding cyber crime company High-Tech Bridge with a $12.50 coupon to get a Yahoo T-shirt after it uncovered a serious flaw in the US search giant's email system.
The Swiss company made sure everybody knew about the meagre offering by issuing a press release, leaving the US search giant purple faced, to say the least.
Yahoo has addressed the mishap in a company blog post, explaining that the free T-shirts were handed out as personal "thank you" gestures by its security researchers, and weren't part of any company policy.
Ramses Martinez, Director of Yahoo Paranoids (yes, really), writes: "I just thought it would be nice to do something beyond an email. I even bought the shirts with my own money. It wasn't about the money, just a personal gesture on my behalf."
In addition to confirming that it won't hand out any more T-shirts, Yahoo has outlined a five-step system that culimates in a reward between US$150 (around £92, or AU$259) and US$15,000 (around £9,248, or AU$15,987) dollars - the maximum figure being enough to bag you 18.5 Xbox One consoles.
To get hold of a reward, you'll have to go through the process of reporting a bug, having it validated by Yahoo's security team and waiting until the error is redeemed before waiting for Yahoo to formally recognise that you've helped it out. Yahoo claims that most of these steps will take no more than a couple of weeks, and likely much faster.
Google and Facebook already offer lucrative rewards for patching vulnerability holes or providing information that would help them do so (up to US$20,000 and a minimum of US$500 respectively).
- Got security on the mind? Here's the best tools for business