Hugh Pickens DOT Com writes: Ramses Martinez, Director of Yahoo Paranoids, writes that he's the guy who runs the Yahoo team that works with the security community on issues and vulnerabilities and it's been an interesting 36 hours since the story first appeared on slashdot. "Here’s the story. When I first took over the team that works with the security community on issues and vulnerabilities, we didn’t have a formal process to recognize and reward people who sent issues to us. We were very fast to remedy issues but didn’t have anything formal for thanking people that sent them in." Martinez started sending a t-shirt as a personal “thanks.” It wasn’t a policy, he just just thought it would be nice to do. But Yahoo recently decided to improve the process of vulnerability reporting. The “send a t-shirt” idea needed an upgrade. Yahoo will now reward individuals and firms that identify what we classify as new, unique and/or high risk issues between $150 — $15,000. The amount will be determined by a clear system based on a set of defined elements that capture the severity of the issue. " If you submitted something to us and we responded with an acknowledgment (and probably a t-shirt) after July 1st, we will reconnect with you about this new program. This includes, of course, a check for the researchers at High-Tech Bridge who didn’t like my t-shirt."