Facebook Rewards $500 for Every Bug Reported
By Joel Fernandes on August 1st, 2011

Remember Google’s Chrome Bug Bounty program? When Google released Google Chrome 12, it announced on its blog that it rewarded developers and researchers who found vulnerabilities (bugs) in its code. Earlier, in August 2010, it was reported that Google gave away an estimated total of $10k in rewards. Mozilla also has a bug bounty program, which pays $3,000 in hard cash plus a free Mozilla T-shirt for finding bugs!

Facebook has joined Google and Mozilla in running a “Bug Bounty” program that rewards security researchers. However, the reward offered is far too low. For security-related bugs – cross-site scripting flaws, for example – the company will pay a base rate of $500, and for highly significant flaws Facebook has promised to pay more. However, company executives haven’t revealed the bonus reward.

“To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs,” Facebook stated on its portal.

Facebook launched a new Whitehat hacking portal where researchers can sign up for the program and report bugs. It has also published a list of about 42 researchers who have made responsible disclosures in the past.

Facebook Bug Bounty Program

With over 750 million active users, it looks like Facebook is highly concerned about its security issues. Facebook hired a computer hacker who was recently sued by Sony for hacking the online gaming system PlayStation 3, last month.

When a bug is discovered, researchers are asked to provide as much information as possible. To receive the reward, a detailed explanation of the steps is required, and all legitimate reports will be investigated.

Here’s the company’s policy:

“If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.”

In addition, only the researcher who reports a bug first is rewarded. For instance, if two researchers find the same bug independently, the first one to report it will be eligible to claim the reward.

Facebook’s Bug Bounty Eligibility Rules

To be eligible for the reward, researchers must adhere to Facebook’s Responsible Disclosure Policy.

  • You must be the first person to responsibly disclose the bug.
  • Give Facebook a reasonable time to respond to your report before making any information public.
  • You must live in a country not under any current U.S. Sanctions.
  • You agree to report issues that may compromise a user’s information, including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and Remote Code Injection.
  • Only one payment per bug will be awarded.
  • Bugs in third-party applications, third-party websites that integrate with Facebook, Denial of Service Vulnerabilities or Spam or Social Engineering techniques will not be eligible.

Google, Mozilla and Facebook are not the only ones who reward their security researchers. Microsoft does it too. Microsoft, on the other hand, offers a big reward of US$250,000 to anyone who provides information on a virus culprit who masquerades in the Windows theme.

Author: Joel Fernandes
  • http://pureinfotech.com Pit

    That is pretty cool and more for programmers, but not for regular users : (

    Thanks,

 