Yahoo patched a critical email vulnerability and the security researcher who reported it earned $10,000.
The bug was reported via Yahoo’s crowdsourced bug bounty program, HackerOne. Under this program, researchers receive monetary rewards of up to $15,000, scaled to the severity of the reported vulnerability. "At Yahoo's discretion, providing more complete research, proof-of-concept code and detailed write-ups may incur a bonus percentage on the bounty awarded. Conversely, Yahoo may pay less for vulnerabilities that require complex or over-complicated interactions or for which the impact or security risk is negligible," explained Yahoo. "In some cases, rewards may be consolidated into a single payout." For this bug, Pynnönen was awarded a bounty of $10,000 for finding and reporting the flaw to Yahoo.