Bug bounties from Google and Facebook regularly clear thousands of dollars for a single, high-profile bug. Yahoo finally has joined the game, also for four figures — but with a different decimal place.
The security firm High Tech Bridge set out to see what Yahoo would pay for disclosing bugs discovered on its site, since the company hadn’t stated what they were worth but did say that it encouraged researchers to report bugs.
After reporting three cross-site scripting (XSS) vulnerabilities that could compromise a user’s account with what High Tech Bridge described as basic phishing techniques, Yahoo responded with its thanks within 48 hours. The research firm was rewarded with $12.50 per vulnerability, significantly lower than Facebook’s or Google’s lowest bounties, which come in at $500 and $100 for the lowest priority bugs, respectively.
SOURCE: news.cnet.com
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…