Facebook introduces bug bounty program
Posted on 01 August 2011.
Facebook has decided to follow in Google's and Mozilla's steps and institute a bug bounty program rewarding the responsible disclosure of security vulnerabilities in the social networking platform.

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you," says Facebook.

The base sum for a responsibly disclosed vulnerability is $500, but the discovery of specific bugs might be rewarded with a higher sum. The Facebook security team has the final say on whether a bug qualifies for a reward.

For those who thought about all those scams circling on Facebook and wondered whether they might make a few bucks by reporting them - don't bother. Among the bugs that won't be considered for the bounty program are spam or social engineering techniques, DoS vulnerabilities, bugs in Facebook's corporate infrastructure and vulnerabilities in third-party websites or apps.

The bugs whose reporting will be rewarded are those that could compromise the integrity or privacy of Facebook user data, such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and Remote Code Injection - as long as the disclosure is deemed responsible by Facebook.

The news has been welcomed and praised by security researchers all over the world, reports Computerworld. The offered sum might seem small when compared to Google awarding up to $3,133 and Mozilla up to $3,000 for a bug, but it's definitely a step in the right direction.

ESET researcher Cameron Camp points out at the possibility for the big bounty program to be used as a recruiting tool, and that might, in the end, prove to be an even bigger incentive.






Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //