Facebook Launches 'Security Bug Bounty' Program


Jack (Administrator, Thread author)
Facebook has launched a security bug bounty program through which it will pay security researchers for discovering and privately reporting vulnerabilities in its platform.

Eligibility
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:
    ... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
      • Cross-Site Scripting (XSS)
      • Cross-Site Request Forgery (CSRF/XSRF)
      • Remote Code Injection
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if it qualifies.

Rewards
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded

Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques

K__M (New Member)
Wow, finally something they did to at least 'try' and stop the malicious stuff on facebook.

That is a nice reward tho :p.

I might look around facebook.
 

Dejan (New Member)
They should have a privacy issue bounty, get rich fast.
Then again, this will do just fine.
 
Vextor

Finally, Facebook's admins have decided to actually take a step towards blocking malware being spread through their service. I already know a few holes.
1: JavaScript allowing them to post into your account (Not sure if that's fixed yet)
2: Buttons disguised as Play buttons that are really Like buttons.
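The second item in the post above is the classic "likejacking" form of clickjacking: the real Like button is loaded in an invisible iframe positioned over a decoy "Play" button, so the victim's click lands on Facebook's widget. The following is an added example, not code from this thread or from Facebook: the markup, hostnames, plugin URL and response headers are constructed for illustration. It shows the overlay trick as markup, a heuristic scan for invisible frames on a suspicious page, and the defender-side check a site owner cares about, namely whether a response can be framed at all. The check covers CSP `frame-ancestors` as well as `X-Frame-Options`, which goes beyond what existed when the thread was written.

```javascript
// Added example (not from the thread). Constructed attacker page: a visible
// "Play" button with a fully transparent iframe of the Like widget stacked on
// top of it, so a click on "Play" is really a click on "Like". The plugin URL
// and attacker host are illustrative only.
const LIKEJACK_PAGE = `
<div style="position:relative;width:120px;height:40px">
  <button style="position:absolute;top:0;left:0;width:120px;height:40px">Play</button>
  <iframe src="https://www.facebook.com/plugins/like.php?href=https://attacker.example/"
          style="position:absolute;top:0;left:0;width:120px;height:40px;opacity:0;z-index:2"></iframe>
</div>`;

// Heuristic scan of page markup: return the src of every iframe whose inline
// style makes it invisible (opacity 0). Real pages can do this legitimately,
// so treat a hit as a lead to inspect, not as proof of likejacking.
function hiddenFrames(html) {
  const out = [];
  const tag = /<iframe\b([^>]*)>/gi;
  let m;
  while ((m = tag.exec(html)) !== null) {
    const attrs = m[1];
    const src = (/\bsrc=["']([^"']+)["']/i.exec(attrs) || [])[1] || '';
    const style = (/\bstyle=["']([^"']*)["']/i.exec(attrs) || [])[1] || '';
    if (/opacity\s*:\s*0(?:\.0+)?(?![.\d])/i.test(style)) out.push(src);
  }
  return out;
}

// Parse a raw response header block (constructed input) into a map of
// lowercase header name -> array of values; the status line has no colon
// and is skipped.
function parseHeaderBlock(raw) {
  const headers = {};
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i < 1) continue;
    const name = line.slice(0, i).trim().toLowerCase();
    if (!headers[name]) headers[name] = [];
    headers[name].push(line.slice(i + 1).trim());
  }
  return headers;
}

// Does one CSP source expression ('self', 'none', scheme:, host, *.host) allow
// `origin` to frame a page served from `pageOrigin`?
function sourceAllows(source, origin, pageOrigin) {
  const src = source.replace(/^'|'$/g, '').toLowerCase();
  if (src === 'none') return false;
  if (src === 'self') return origin === pageOrigin;
  if (src === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return origin.startsWith(src + '//');
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?$/.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const u = new URL(origin);
  if (scheme && u.protocol !== scheme + ':') return false;
  if (wildcard ? !u.hostname.endsWith('.' + host) : u.hostname !== host) return false;
  const actualPort = u.port || (u.protocol === 'https:' ? '443' : u.protocol === 'http:' ? '80' : '');
  if (port && port !== '*' && actualPort !== port) return false;
  return true;
}

// Defender-side check: given a raw header block, can a document at
// `framingOrigin` put the page (served from `pageOrigin`) in an iframe?
// CSP frame-ancestors, when present, takes precedence over X-Frame-Options;
// with several CSP headers every policy must allow the framer.
function isFrameable(rawHeaders, pageOrigin, framingOrigin) {
  const headers = parseHeaderBlock(rawHeaders);
  const ancestorLists = [];
  for (const policy of headers['content-security-policy'] || []) {
    for (const directive of policy.split(';')) {
      const tokens = directive.trim().split(/\s+/);
      if (tokens[0].toLowerCase() === 'frame-ancestors') ancestorLists.push(tokens.slice(1));
    }
  }
  if (ancestorLists.length > 0) {
    // An empty list ("frame-ancestors;") means 'none', so .some() on it is false.
    return ancestorLists.every(list => list.some(s => sourceAllows(s, framingOrigin, pageOrigin)));
  }
  const xfo = (headers['x-frame-options'] || [])[0];
  if (!xfo) return true;                       // no framing protection at all
  const v = xfo.trim().toUpperCase();
  if (v === 'DENY') return false;
  if (v === 'SAMEORIGIN') return framingOrigin === pageOrigin;
  return true;                                 // ALLOW-FROM and junk values are ignored by browsers
}

// Constructed sample responses for the widget origin used above.
const WIDGET_ORIGIN = 'https://www.facebook.com';
const SAMPLES = {
  unprotected: 'HTTP/1.1 200 OK\nContent-Type: text/html',
  xfoDeny: 'HTTP/1.1 200 OK\nX-Frame-Options: DENY',
  xfoSameOrigin: 'HTTP/1.1 200 OK\nX-Frame-Options: SAMEORIGIN',
  cspPartners: "HTTP/1.1 200 OK\nX-Frame-Options: SAMEORIGIN\n" +
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'self' https://*.partner.example",
};
```

A Like button only works as a likejacking target because it is meant to be framed, which is why the "frameable" result for the widget is expected; the same check run against a site's own pages should return false for any foreign origin.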
 