Groupon Refuses To Pay Security Expert Who Found Serious XSS Site Bugs

Mark Wilson writes: Bounty programs benefit everyone. Companies like Microsoft get help from security experts, customers gain improved security, and those who discover and report vulnerabilities reap the rewards financially. Or at least that's how things are supposed to work. Having reported a series of security problems to discount and deal site Groupon, security researcher Brute Logic from XSSposed.org was expecting a pay-out — but the site refuses to give up the cash. In all, Brute Logic reported more than 30 security issues with Groupon's site, but the company cites its Responsible Disclosure policy as the reason for not handing over the cash.

Public shaming!

[TsuruchiBrian]

That's how problems get fixed these days isn't it? Let's do what we always do, and publicly shame groupon until they do the right thing. Internet DEPLOY!