
Facebook’s Bug Bounty Program Pays $500 to Find Security Bugs

July 31, 2011 by Jace Shoemaker-Galloway

Facebook Launches Bug Bounty Program - Ines Teijeiro

Facebook recently announced it will pay outside security researchers to find bugs in its popular website. On July 29th, 2011, the social networking giant launched its Bug Bounty program to encourage the responsible reporting of security-related issues, holes and potential vulnerabilities on Facebook.

Facebook’s Security Researchers

With over 750 million active users, Facebook has good reason to take security seriously. According to the program page, "security researchers" will be paid at least $500 for finding and responsibly reporting a qualifying bug. Researchers who discover a vulnerability are asked to send in as much information as possible. To receive an award, detailed reproduction steps or a benign proof-of-concept (one that demonstrates the flaw without touching other users' accounts or data) are required, and all legitimate reports will be investigated. As one would expect, strict guidelines apply.

Facebook’s Bug Bounty Eligibility Rules

In order to be eligible for compensation, researchers must adhere to Facebook’s Responsible Disclosure Policy.

  • Among other things, the policy requires researchers to give Facebook a "reasonable time to respond" before making the information public.
  • You must be the first person to "responsibly disclose the bug."
  • You must live in a country "not under any current U.S. Sanctions."
  • Eligible issues are those that could compromise a user's information, including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and remote code injection.
  • Only one payment per bug will be awarded.
  • Bugs in third-party applications, bugs in third-party websites that integrate with Facebook, denial-of-service vulnerabilities, spam and social engineering techniques are not eligible.

Facebook also publicly thanked a group of about 40 researchers who have made “responsible disclosures” in the past.

Other Bug Bounty Programs

Facebook is not the only company to pay outside researchers for bugs. Other companies, including Google, Mozilla and Microsoft, have been compensating security researchers for finding qualifying security bugs as well.

For instance, Mozilla's Bug Bounty program pays $3,000 in cold, hard cash plus a free Mozilla T-shirt for qualifying bugs. Google also has a vulnerability rewards program along with a Security Hall of Fame list. While Google's base reward for qualifying bugs is $500, rewards of up to $3,133.70 (a nod to "31337", hacker slang for "elite") may be paid for severe or "unusually clever" bugs.

Microsoft, by contrast, does not pay bounties to bug finders. Instead, it has offered rewards for information leading to the people behind malware: $250,000 "for information leading to the arrest and conviction of the Rustock operators," whose botnet infected over 1.6 million computers earlier this year, and $250,000 rewards for information leading to the conviction of those responsible for the MSBlast worm and the Sobig.F virus.

By implementing bug bounty programs and compensating the researchers who find them, companies learn about potential security vulnerabilities that might otherwise go unreported.


Jace Shoemaker-Galloway is passionate about online safety awareness and has devoted over five years to Internet Safety education.

