Facebook offers hackers $500 for reporting bugs on site

Facebook is offering a bounty for the detection and reporting of bugs on its website. According to several online reports, Facebook, apparently tired of the bugs that often strike the social networking site, has started paying rewards for bug reports.

The Palo Alto, California-based company announced Friday it is hiring hackers to help find security-related bugs, holes and potential vulnerabilities on its popular website.

FB launches Bug Bounty program
On July 29th, 2011, Facebook announced the launch of its Bug Bounty program to help find security-related issues native to its social network site.

Under the reward program, Facebook will pay “security researchers” at least $500 for finding and responsibly reporting bugs, an amount which is far less than bug bounties offered by companies like Google or Microsoft.

"To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs," Facebook wrote in a blog post entitled "Security Bug Bounty."

"Our security team will assess each bug to determine if it qualifies."

Only $500?
Facebook’s base reward of $500 falls far short in comparison to what other companies offer, like Google's $3000+, Mozilla's $3,000, and Microsoft's $250,000.

Though the basic reward amount is $500, Facebook says, “We may increase the reward for specific bugs.”

It also noted on its "Security Bug Bounty" page that only one bounty per security bug will be awarded.

"In the past we've focused on name recognition by putting their name up on our page, sending schwag out and using this as an avenue for interviews and the recruiting process," said Alex Rice, Facebook's product security lead. "We're extending that now to start paying out monetary rewards."

Who’s eligible?
To qualify for a bounty, one must adhere to Facebook's Responsible Disclosure Policy, according to Facebook’s "Security Bug Bounty" page.

Under the policy, researchers must give Facebook a “reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.”

Also, one must be the first person to responsibly disclose the bug, and must live in a country “not under any current U.S. Sanctions.”

The page also states that “bugs in third-party applications (such as Farmville), third-party websites that integrate with Facebook, Denial of Service Vulnerabilities or Spam or Social Engineering techniques” will not be eligible.
