Slashdot Mirror

← Back to Stories (view on slashdot.org)

Groupon Refuses To Pay Security Expert Who Found Serious XSS Site Bugs

Posted by samzenpus on from the pay-the-man dept.

Mark Wilson writes: Bounty programs benefit everyone. Companies like Microsoft get help from security experts, customers gain improved security, and those who discover and report vulnerabilities reap the rewards financially. Or at least that's how things are supposed to work. Having reported a series of security problems to discount and deal site Groupon, security researcher Brute Logic from XSSposed.org was expecting a pay-out — but the site refuses to give up the cash. In all, Brute Logic reported more than 30 security issues with Groupon's site, but the company cites its Responsible Disclosure policy as the reason for not handing over the cash.

1 of 148 comments (clear)

  1. Don't follw the rules don't get paid. by jklovanc · · Score: 5, Informative

    Part of the requirements to be paid a bounty is following the "responsible disclosure policy". The submitter did not follow that policy and therefore did not get paid. It seems pretty simple.