Headline
Three-day hackathon uncovers hundreds of bugs in Yahoo search engine tool Vespa
Live event brings together bug bounty hunters from across the globe
Jessica Haworth 31 August 2022 at 15:30 UTC
Live event brings together bug bounty hunters from across the globe
A three-day hackathon held by Yahoo last week uncovered hundreds of security bugs in its text search engine tool Vespa.
The event, held in Antwerp, Belgium by bug bounty platform Intigriti, saw 40 hackers from across Europe, the Middle East, and Africa hunt for vulnerabilities in the open source tool.
There were 218 bug submissions, with payouts totalling $218,121, with the highest bounty paid out at $15,000.
Read more of the latest bug bounty news
Topping the leaderboard was hacker ‘putsi’, who successfully submitted 10 vulnerabilities and also earned the title of ‘most valuable hacker’ at the event.
Highest earning team ‘Swedish Injection!’, made up of hackers ‘stok’ and ‘p4fg’, successfully found 18 vulnerabilities.
Participants were chosen from across Yahoo’s ‘Elite Program’, drawn from a group of regular contributors to the company’s bug bounty program and previous hacking event, which took place in May 2022.
DON’T MISS Ethereum Foundation offers $1m bug bounty payouts with proof-of-stake migration multiplier
Inti De Ceukelaire, head of hackers at Intigriti, told The Daily Swig that the hackers “have made extremely valuable contributions to Yahoo’s cyber resilience”.
“Yet, live hacking is about more than just great results alone: it forms long-lasting relationships with the community and further increases hacker engagement beyond borders,” he said.
“40 hackers from 20 different countries, familiar and unfamiliar faces to Yahoo, have collaborated together with us and the Yahoo team in what we can only describe as our biggest and most successful event to date.”
YOU MAY ALSO LIKE Security researchers blast ‘ridiculous’ CrowdStrike bug disclosure practices