Yahoo offers its first tepid bug bounty
Bug bounties from Google and Facebook regularly clear thousands of dollars for a single, high-profile bug. Yahoo has finally joined the game, also for four figures -- but with a different decimal place.
The security firm High Tech Bridge set out to see what Yahoo would pay for disclosing bugs discovered on its site, since the company hadn't stated what they were worth but did say that it encouraged researchers to report bugs.
After the firm reported three cross-site scripting (XSS) vulnerabilities that could compromise a user's account with what High Tech Bridge described as basic phishing techniques, Yahoo responded …