One of the greatest challenges companies face is finding creative ways to motivate employees. This difficult task becomes even harder when you’re motivating contractors or people outside of the office. As far as incentives go, offering up a T-shirt valued at roughly $12.50 is pretty sad – especially when the challenge is finding security vulnerabilities that could cost a major corporation millions of dollars.
Who would offer up such a lame bonus system? A little company called Yahoo.
Major tech companies have started offering bounties to security researchers who find bugs in their systems. Facebook offers a minimum of $500 and Samsung offers a starting rate of $1,000 per bug. Most of these sites have maximum rewards in the tens of thousands and pay out researchers based on the severity of the bugs that they catch.
Is it possible that Yahoo execs added a decimal point where they meant to add a comma? No, this was no bug.
VentureBeat reported that the $12.50 awarded to High Tech Bridge’s researchers didn’t arrive in the form of a check, PayPal deposit, or cash, but in the form of a coupon code. The researchers could only use that code to buy Yahoo t-shirts, baby blankets, and hats in the Yahoo store.
How’s that for motivation? Now the employees at High Tech Bridge can continue looking for bugs while wearing their Yahoo merchandise. Just think, the more bugs they catch, the more swag they get decked out in.
Needless to say, High Tech Bridge has its own swag and purple isn’t one of the brand’s colors.
High Tech Bridge sent out a press release and blog post about Yahoo’s reward policy.
“Each of the discovered vulnerabilities allowed any @yahoo.com email account to be compromised simply by sending a specially crafted link to a logged-in Yahoo user and making him/her click on it… Yahoo warmly thanked us for reporting the vulnerabilities and offered us 12.50 USD reward per one vulnerability… At this point we decided to hold off on further research.”
I’m no security expert, and I’m certainly not a financial planner, but I would advise searching Facebook and Samsung for bugs with the promise of hundreds of dollars cash instead of checking out Yahoo’s pages in hopes of a discount code worth less than thirteen bucks.
Yahoo is like the neighbor who offers to pay you for shoveling his driveway, then gives you a quarter and tells you not to spend it all in one place. The company decided to change its bounty policy after news of its shrewdness spread across the Internet. ComputerWorld reported that bug bounty hunters will now be compensated between $150 and $15,000 depending on the severity of the find. While that’s still on the low end for a minimum payout, it’s a lot better than a sad little coupon.
ComputerWorld also explained that these bounties save tech companies a ton of money. They don’t have to hire their own full-time security employees and the caught bugs prevent compromised accounts and bad publicity. Yahoo’s original reward system was like offering an employee $10 commission for making a $10,000 sale. Not many contractors would jump at the chance for that.
You don’t have to be Marissa Mayer to fail at motivating employees. Your best bet is to talk to your managers and employees before, during, and after implementing a bonus system or bounty. Don’t worry, they’ll let you know if it’s not worth their time and effort.