Yahoo! Pays! Paltry! $12.50! Bug! Bounty! For! Nasty! Email! Vuln!

A tenner is worse than nothing at all

That level of reward is in the order of magnitude of 10 of any of the main Western currencies. It's third prize in a colouring in competition. It's a brush off.

12.50 is a lot

and a lot, lot more than nothing (aka "crowdsourcing")

...unthankful git!

;)

wonky !

Kudos to El Reg for changing the angle of the exclamation mark.

£12.50

Equals a months worth of eating out at a noddle bar in many rural Chinese cities, towns and villages.

But, yeah, it stinks.

BTW, my Yahoo account was hacked earlier this year, despite the fact I hadn't actually USED it, or logged into it for at LEAST 8 years. (Set it up to forward mail to a gmail account - lol)

Stupid

If Yahoo is only going to pay $12.50 for a bug, people who find bugs will just publish the bugs without reporting them to Yahoo first.

Yahoo attracting security researchers?

First it'd better attract a few more customers.

Big deal?

Please do not take offense - I do not work in the industry but I've been curious about this. I presume that the "security researchers" who do this type of work derive their primary income from some means other than these bounties, similar to the way police officers get paid for extra duties performed off hours (such as providing security at concerts). If this is the case, nobody will bother doing this type of work for Yahoo! anymore, which is a problem for Yahoo! and their users. No big deal for everyone else.

On the other hand, saying that one can be remunerated better on the black market is like saying that it's cheaper to steal food rather than pay for it, and that if grocers don't lower their prices accordingly, people may as well just steal their food. It may be true, but that doesn't make it legal or moral.

I told them Yahoo! was a bug

and they billed me $12.50.