Web giant Yahoo has finally started paying bounties for bugs and exploits, but is the bounty enough to compete with other Internet giants?
Swiss penetration testing firm High-Tech Bridge said it ran a small experiment with Yahoo to see how quickly the company reacted to vulnerability or exploit notifications.
Researchers found a cross-site scripting (XSS) vulnerability in a Yahoo web property. The Yahoo security team responded within 24 hours but did not offer any cash, saying someone else had already reported the exploit.
This time, the High-Tech Bridge team found three different XSS vulnerabilities.
“Each of the discovered vulnerabilities allowed any @yahoo.com email account to be compromised simply by sending a specially crafted link to a logged-in Yahoo user and making him/her click on it,” the researchers said.
“Yahoo warmly thanked us for reporting the vulnerability and offered us $12.50 per vulnerability,” said the researcher.
“Moreover, this sum was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo’s corporate t-shirts, cups, pens and other accessories.”
The bugs had been patched by the time High-Tech Bridge published its press release.
The bounty amount was very low, far less than the lowest bounties offered by Google and Facebook, which are $100 and $500 respectively.
Most other small firms offer goodies rather than a cash bounty; it is fair to say the bounty provided by Yahoo was nothing less than a joke.