Martin Georgiev, Software Engineer
- Dec 20, 2016
One hundred days ago we launched Yelp’s public bug bounty program on HackerOne. Since launching the program, we received over 564 reports from 512 reporters. The distribution of the reports was as follows: Resolved: ~ 7% Informative: ~ 36% Duplicate: ~ 31% Not Applicable: ~ 26% Looking back on the first 100 days of our program, we fixed 39 vulnerabilities and paid out $13,850 in rewards. We maintained less than 24 hours response time and less than 1 month resolution time. The distribution of bug-bounty payouts over time is shown in Chart 1. Chart 1: Distribution of bug-bounty payouts over...