Web giant Yahoo has finally started to pay bounties for finding bugs and exploits, but is the bounty enough to compete with other Internet giants? Swiss penetration testing firm High-Tech Bridge said it ran a small experiment with Yahoo to see how quickly the company reacted to vulnerability or exploit notifications. Researchers found a cross-site scripting (XSS) vulnerability in a Yahoo web property.
Yahoo's security team responded within 24 hours and did not offer any cash, saying someone else had already reported the exploit. This time, the High-Tech Bridge team found three different XSS vulnerabilities.
Each of the discovered vulnerabilities allowed any @yahoo.com email account to be compromised simply by sending a specially crafted link to a logged-in Yahoo user and making him or her tap on it, the researchers said. "Yahoo warmly thanked us for reporting the vulnerability and offered us $12.50 per vulnerability," said the researcher. Moreover, this sum was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo's corporate t-shirts, cups, pens and other accessories. The bugs had been patched by the time High-Tech Bridge published its press release. The bounty amount was very small, far less than the lowest bounties paid by Google and Facebook, which are $100 and $500 respectively. Most other small firms offer goodies rather than a bounty; it is fair to say the bounty provided by Yahoo was nothing short of a joke.
source: www.techworm.net