
"There’s no such thing as a perfect technology — not since they put the finishing touches on the wheel — but here at Yelp we are committed to getting as close as we can. It’s a big world and we believe that working with skilled security researchers from all corners is the key to identifying the weaknesses in any technology."
Researchers can expect to make at least 100 USD and as much as 15,000 USD for reporting a vulnerability discovered in Yelp's infrastructure. To assist bug bounty hunters in their efforts, Yelp software engineer Martin Georgiev identified what types of exploits the company is most interested in finding. For instance, regarding Yelp's consumer website:
"We are interested in any vulnerabilities that allow the attacker to map user profiles to their respective email addresses. Other critical vulnerabilities in our consumer site would involve the ability of a malicious user to modify other users’ reviews, order food for free or gain access to another user’s payment details: e.g., reveal PANs. Look also for web vulnerabilities that result in sensitive data disclosure, data injection/exfiltration, insecure session management, etc."
