IN A QUEST to avoid fallout from t-shirtgate, which saw bug reporters rewarded with gift certificates for out of date Yahoo merchandise, the originator of the scheme has explained why he did it, why it was really a nice thing to do, and what happens now.
In a blog post, Ramses Martinez, lead developer at Yahoo Paranoids, the elite team of swashbuckling bug fixers in charge of making sure no one steals your email, explained that actually there was no such scheme in place and that the t-shirt promotion was one of his own devising, funded from his own pocket.
As we choked back the sentimental tears from this revelation, he went on to explain that "regulars" began to complain that they already had enough Yahoo t-shirts, and so Martinez moved on to gift certificates that allowed the budding Boba Fetts to select from a whole range of corporate puffery from the Yahoo store.
You could almost feel the hurt in his voice as he wrote, "We recently decided to improve the process of vulnerability reporting. My 'send a t-shirt' idea needed an upgrade. This month the security team was putting the finishing touches on the revised program. And then yesterday morning 't-shirt-gate' hit. My inbox was full of angry email from people inside and out of Yahoo. How dare I send just a t-shirt to people as a thanks?"
But here's the good news. You can stop worrying about Mr Martinez and his pockets, as from now on, Yahoo will be paying cash rewards from $150 up to $15,000, and the scheme will be retroactive, though it isn't clear if the cash rewards will mean that reward claimants will have to give back their prized t-shirts.
Damage limitation seems to be the name of the game here, although Yahoo claims that the new scheme was already in the planning stages and was released early due to t-shirtgate. It's a bit vague on some details, and therefore, so are we. It all reeks of "feel sorry for us because we didn't have a bug bounty scheme".
We even questioned if Ramses Martinez is indeed a real Yahoo employee or a composite corporate spokesman. We're not saying that he is, but anagrams of his name include "A Smart Zen Miser" and "Zanier Stammers". Coincidence? Probably. µ
Sign up for INQbot – a weekly roundup of the best from the INQ