As we know that the Bug Bounty Programs are organised by Corporate Sector companies for better security. And about the Yahoo! it organize this program in October 31 in which it offers only $12.50 Bug Bounty Reward per Bug found. This is too cheap to attract the Security Researchers .
Now yahoo! quickly change its policy after being ridiculed for handling only $12.50. They increases the Reward Money as high as $15,000 per Bug found.
According to Yahoo! – :
“The New Program will offer an improved reporting process,quicker validation and good interface to submit the Bug. ”
Researchers reward money starts from $150 and goes up from here for Bug Reporting.
According to Remses -:
“The Amount will determined by a clear system based on a set of defined elements that capture the severity of the issue.”
In September Research from High-Tech Bridge found a XSS Vulnerabilities.The Security Team notifies Yahoo! of four XSS issues, which affect the marketingsolutions.yahoo.com domain, ecom.yahoo.com and adserver.yahoo.com domains.
Each security vulnerability on yahoo.com allow the email account to be compromised by sending a specially created link to a logged in yahoo user and making them click on it.
According to High-Tech Bridge -:
“Two of the flows accepted as new, and the CSS (Cross-Site-Scripting) Vulnerability were worth a $12.50 reward each, given as discount code ”
Read Last news :