February 25, 2018

February Policy Updates

Note: Verizon Media is now known as Yahoo.

Paranoids logo

Dedicated Bug Hunters,

We’ve got quite a lot packed into this month, so please take a few minutes to read through this update and keep an eye out for more from us.

In January this year, Oath was renamed to Verizon Media, so we thought it was just about time for us to re-brand the policy page. Our team has been working on some fresh updates to the policy and have ended up rolling a bunch of them all together into one giant update!

The most impactful of these changes is that we now require all attachments to be added directly to the reports on HackerOne. No more hosting files on vimeo, dropbox, pastebin or github. We have been working on building automation to help move tickets through our processes much faster and these systems will not function properly if required contents are not available directly from this platform.

Summary of Policy Changes:

  1. Added Safe Harbor clause
  2. Company branding has changed from Oath to Verizon Media
  3. Program URLs have been updated
    • /oath --> /verizonmedia
    • /oath-private --> /verizonmedia-private
  4. Clarification of some language in the Rules section
  5. Require all attachments to be hosted on HackerOne
  6. Clarify staff types who are excluded from the program eligibility

If you have any questions, feel free to reach out to us however works for you. We’ve even stood up a channel, #verizonmedia, on the Bug Bounty Forum slack workspace to specifically engage in conversation with our bug hunter community.

Happy Hacking,

The Paranoids