So, fancy earning a little extra cash by hacking Yelp.com? Well, now you can. Yelp is inviting the general public to hack its websites and will pay up to $15,000 if you discover a serious vulnerability.
Yelp have been running a private bug bounty programme for two years and over 100 vulnerabilities have been found. But now they are opening the programme up to the public through HackerOne in the hope that all of the site's vulnerabilities will be found. HackerOne CEO Marten Mickos told TechCrunch: “When you invite everybody, statistically you will end up finding everything.”
Yelp are asking hackers to cover a broad range of websites and services such as yelp.com, its apps, blogs, APIs and more. However, the company is excluding exploits found via automatic vulnerability scanners and those found on sites belonging to newly acquired companies.
Personally I think bug bounty programmes are a fantastic way for companies to really test their software. Yes, they could pen-test their software themselves or even outsource it to an external company, but it will never be as thoroughly tested because you don't get the same diversity of hackers. Bug bounty programmes also enable individuals to hone their skills by exploiting systems and earn extra income, all whilst staying on the right side of the law and helping to make the internet a safer place. So if you want to get involved, check out Yelp's HackerOne page.