Slashdot Mirror

← Back to Stories (view on slashdot.org)

PayPal Reviewing Qualifying Age For Vulnerability Rewards

Posted by Unknown on from the break-it-before-you-can-use-it dept.

itwbennett writes "In follow-up to 17-year old Robert Kugler's claim that PayPal denied him a bug bounty because he was under 18, the company now says that it is 'investigating whether it can lower the qualifying age for vulnerability rewards for those who responsibly report security problems.' The company also said that the vulnerability had already been reported by another researcher — although they didn't mention that in the email to Kugler telling him he wouldn't be receiving payment."

10 of 95 comments (clear)

  1. Why restrict it at all? by HalAtWork · · Score: 3, Insightful

    It's a voluntary process, why would they need to restrict it? It's not like it's forced child labor. If anything, it's a learning experience.

    --
    Twinstiq, game news
    1. Re:Why restrict it at all? by idontgno · · Score: 5, Insightful

      If anything, it's a learning experience.

      Indeed. A valuable lesson for any impressionable youth to learn: Paypal will work very hard to screw you out of anything it can. Unless the PR blowback gets bad enough.

      (Paypal can apparently tolerate a certain low buzz of "Paypal sucks". They have considerably more trouble with Streisand-amplified flack.)

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    2. Re:Why restrict it at all? by TheCarp · · Score: 3, Insightful

      There is only one reason to restrict it...legal CYA. Remember everywhere in the world makes their own laws and many of them have restrictions on what one can do with young people, which includes paying them.

      Does paying a minor, even for such a voluntary action, require parental approval? If a 15 year old submits a bug, gets paid, and uses the money to buy drugs, could the parent sue, claiming they were irresponsible to give so much money to a teenager directly?

      Remember, lawmakers are lazy, they like to be overly broad or not think things through, I could totally see legislative attempts at curbing anything from drug use to underage prostitution hamfistedly creating problems here. Law is often not limited by its own intentions.

      In the end, I bet the answer has three letters: CYA:

      "What are the implications of allowing people under 18 to submit bugs?"
      "It depends on......."
      "Ok sorry I asked; no submissions from people under 18."

      --
      "I opened my eyes, and everything went dark again"
  2. Re:Make payment to parents or guardians by g0bshiTe · · Score: 3, Informative

    He did ask that payment be sent to his parents account, they denied it.

    --
    I am Bennett Haselton! I am Bennett Haselton!
  3. Re:Award scholarships for under-aged people by Synerg1y · · Score: 5, Informative

    OP is a dumbass, there aren't any legal complications here, just policy:

    Kugler has a record for finding security problems. He's received two payments for US$4,500 from Mozilla for finding two problems in its Firefox browser and also was listed as a noted security researcher by Microsoft last month.

    Mozilla had no problem paying him.

  4. Can't 'Legally' Pay a 17-Year-Old? by CanHasDIY · · Score: 4, Insightful

    Pure, unfiltered bullshit.

    Evidence: 16-year-olds who work at McDonald's.

    C'mon, PayPal; Fuckin' a kid around is bad enough, but then having the balls to lie to his face about why? That's uber-dickish.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  5. The message: by Opportunist · · Score: 4, Interesting

    When you're young, don't report the bug to the company in question or the authorities, report it to those that can make "good use" of them. Not only do they not have any problem with you being underage, you being underage also means you most likely won't be doing time if you get caught.

    It's just so win-win...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. Re:Award scholarships for under-aged people by Guppy · · Score: 3

    And give the scholarship a grand-sounding name, so the kid can get some extra mileage in buffing his resume; such documents are often read by non-technical personnel who might misunderstand "Earned $**** reward for finding security vulnerability" (OMG HAX!), but would love to see something like "Recipient of the Paypal Merit Scholarship for Computing Security Excellence in Youth".

  7. Whose Account ? by the+eric+conspiracy · · Score: 3, Interesting

    PayPal has account eligibility requirement that you must be 18 to open an account. And yes I checked it applies in Germany.

    Also you aren't supposed to let others use your account.

    So how did he avoid these terms of service?

  8. Re:Award scholarships for under-aged people by Synerg1y · · Score: 3, Interesting

    None of what you said has anything to do with the age of the bug researcher. Still a pretty stupid argument imo, name one law that would prevent a 17 year old from getting paid for finding a bug.

    I do however agree that they are not the same company and would go about writing their policy around it differently, but that has nothing to do with the legality of it whatsoever.

    Your "insightful" off point and irrelevant statement got mine downmodded you ho. J/k :)

    And one more time just to be clear: corporate policy != law and amen for that.