There is a well-known practice, when large companies pay special remuneration to information security specialists for found bugs - for example, Google, Facebook, Mozilla and others.
A certain company, High Tech Bridge (CEO called Ilia Kolochenko) decided to test the strength of the Yahoo sites, which in the list above did not have time to show up, at least publicly. In about 45 minutes, only the first XSS vulnerability was discovered using Firefox, which was immediately reported to Yahoo. There, however, they decided that the information could not be appreciated, because the company already knows about it.
High Tech Bridge did not calm down on this slightly strange answer and continued the search. For a couple of days working at the Yahoo Security Team, three more bug reports about XSS vulnerabilities (including the
ecom.yahoo.com and
adserver.yahoo.com domains ) were
sent to which the answer was finally answered that this time the question of remuneration was resolved positively and for each detected problem, Yahoo is willing to pay $ 12.50.
')
At the same time, the remuneration will be paid (if desired, of course) in the form of a coupon coupon from Yahoo Company Store, where you can purchase corporate symbols, caps, pens, t-shirts, and the like for the specified amount.
The minimum price for Facebook for the found vulnerability
is $ 500.
[
Source ]