Facebook Launches 'Security Bug Bounty' Program

Jack

Administrator
Thread author
Jan 24, 2011
malwaretips.com
Facebook has launched a security bug bounty program through which it will pay security researchers for discovering and privately reporting vulnerabilities in its platform.

Eligibility
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:
    "... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ..."
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
      • Cross-Site Scripting (XSS)
      • Cross-Site Request Forgery (CSRF/XSRF)
      • Remote Code Injection
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if it qualifies.

Rewards
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded

Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques

 
Wow, finally something they did to at least 'try' and stop the malicious stuff on Facebook.

That is a nice reward tho :P.

I might look around Facebook.
 
They should have a privacy issue bounty, get rich fast.
Then again, this will do just fine.
 
Finally, Facebook's admins have decided to actually take a step towards blocking malware being spread through their service. I already know a few holes.
1: JavaScript allowing them to post into your account (not sure if that's fixed yet)
2: Buttons disguised as Play buttons but are really Like Buttons.
 