A number of companies try to keep their websites and services in check by offering ‘bounty’ on the discovery of new bugs and vulnerabilities. PayPal is also a part of this list, offering rewards for such findings under its ‘Bug Bounty Program.’ However, the company recently refused to pay a teenager after he found a vulnerability in its website.
The vulnerability in question was discovered by Robert Kugler, a 17-year-old German student. According to Kugler, he notified PayPal of his discovery but the company responded by saying that since he was under 18 years old, he didn’t quality for the reward.
Interestingly, in the detailed set of terms and conditions that PayPal provides in the ‘Bug Bounty Program’ section, the company makes no mention of any age restrictions that may apply to the participants.
The claim by PayPal is further punctured by the fact that Kugler has been a ‘bounty-hunter’ for quite some time and has been able to identify bugs in Firefox as well as other major platforms, for which he was rewarded by Mozilla for two years in a row.
PayPal hasn’t made any comment about the whole issue so far and it remains to be seen whether or not the company will affirm Kugler’s claim. According to Kugler, he doesn’t exactly look forward to the money but would certainly appreciate some form of recognition from PayPal, or any documentation that he can cite in his job application. Even if PayPal’s ambiguous rules bereave Kugler of the prize money, he certainly deserves recognition for his discovery.
Courtesy: PC World