We have had submissions from over 16 countries and have already payed out over $150, 000 in bounties. In the process we have built great relationships with some amazing researchers from every corner of the globe. And yes, we do have a summer intern coming who we met through the program.
I don't think it has influenced the way we review code, but it does make us feel even better about the overall review process we have in place being as complete as possible. We intend to keep investing in this program and are always looking for feedback on how to make it better.
Our latest iteration was to add a debit card as a payment option so that we can reload easily for people who submit bugs regularly.
As the number of Facebook users grows seemingly exponentially, does your security team as well? What security-related problems currently give you the biggest headaches?
We do continue to grow in size, but we are also constantly challenging ourselves to develop in such a way that every employee focused on security has a greater individual impact tomorrow than that person did today. We can do that both by continuing to innovate on our approaches to security and investing in system and infrastructure.
Fortunately, we reacted quickly and have had success beating it back. In addition to improving internal detection mechanisms, we have worked with browser vendors to make it harder for spammers to take advantage of this vulnerability in the browser, and we have partnered with external companies to make our malicious link detection system more robust. We are still battling this but thankfully it is much less of a headache than it use to be.
I can't remember the last time I saw a bogus or information-collecting app being pushed onto users by third party developers, and I recall them being plentiful at one point in time. How did you solve that particular problem?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.