Facebook is widening its bug bounty program, which pays people to report potential problems with the social network…
Social media giant Facebook is increasing its bounty amounts for reporting data abuse. Security sleuths can now earn more — at least $500 — for uncovering data vulnerabilities in third-party apps.
Facebook Data Abuse Report Reward Program Expanded
To be eligible for the higher payouts, code crunchers will have to use active penetration tests and conduct those tests with the permission of the third party. They'll also have to abide by the company's bounty and disclosure rules.
Although the standards are more rigorous, this could lead to improved security and better data controls for end users.
Dan Gurfinkel, Security Engineering Manager, writes:
“…we are expanding the scope of this program to reward valid bug reports in third-party apps and websites that integrate with Facebook when they are found through active pen-testing authorized by the third-party rather than just by passively observing the vulnerability. To be eligible, we ask that researchers comply with the third-party’s vulnerability disclosure or bug bounty program before submitting their findings to Facebook. This change significantly increases the scope of the security research that our bug bounty community can share with us and get rewarded for when they find potential vulnerabilities in these external apps and websites.”