When coders and online security researchers find errors in websites or software, the companies behind the programs will often pay out a bounty to the person who discovered the issue. The programs are intended to create an incentive for researchers to privately report issues and allow vendors to release fixes before hackers take advantage of flaws.
A 17-year-old German student says he found a security flaw in PayPal's website but was denied a reward because he's too young. On PayPal’s website, the company lists the terms for rewarding people who find bugs, but mentions nothing about the age of the discoverer.
The details of the vulnerability, a cross-site scripting (XSS) flaw, are posted in the Full Disclosure section.
In the past, we have seen PayPal many times try to cheat new security researchers by replying to bug reports with various reasons, such as "already reported by someone else", "domain / sub-domain is not under bounty program", "we run out of bounty program budget this year", and this time "because the teen is not yet 18 years old."
Robert Kugler is a German student who has found bugs for companies like Microsoft and Mozilla in the past. His work on uncovering problems in Mozilla’s Firefox browser has earned him about $4,500 over the past two years.
Finally, he demanded that PayPal acknowledge his finding and send him some documentation that he can use in a job application, but so far he hasn't received anything.