Having reported a series of security problems to discount and deal site Groupon, security researcher Brute Logic from XSSposed.org was expecting a pay-out — but the site refuses to stump up the cash. In all, Brute Logic reported more than 30 security issues with Groupon’s site, but the company cites its Responsible Disclosure policy as the reason for not handing over the cash.
On April 17 he contacted Groupon to report the problems and heard back almost immediately with a note saying that the company would investigate and report back shortly. The security team then replied that it had managed to isolate the issue and would be in touch again once a patch had been produced.
Brute Logic enquired about the level of financial reward that might be offered, and Groupon responded that the bounty was calculated on a case-by-case basis, promising to “circle back” with details of what could be offered in this instance.