Facebook offers bug hunter bounties

The typical reward for finding a Facebook flaw will be $500, Zuckerburg's firm says.


Facebook has launched a security bug bounty programme to reward researchers for making the social network a safer place.

Various Web 2.0 giants offer similar rewards for flaw finders, with Google handing out many monetary prizes for disclosure of bug information.

"This is another way that we would like to show our appreciation to the security researchers who help us keep Facebook safe and secure for everyone," Facebook said.

Facebook has created a new whitehat portal where it outlines the company's responsible disclosure policy.

Advertisement - Article continues below
Advertisement - Article continues below

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you," the social network said.

Facebook said a typical bounty would be $500 (304), but for certain bugs the reward would be higher. Only one bounty will be awarded per bug.

Bugs in third-party applications do not apply as Mark Zuckerburg's firm only wants to be notified of vulnerabilities which "could compromise the integrity or privacy of Facebook user data."

In particular, Facebook called for info on cross-site scripting flaws and remote code injection vulnerabilities.

Last month, pharmaceutical giant Pfizer had its Facebook page hacked, with hacktivist group The Script Kiddies claiming responsibility.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


Policy & legislation

Irish Data Protection Commission has questions for Facebook

29 Jan 2019
internet security

Facebook exec calls Cambridge Analytica scandal a "non event"

8 Jan 2020
cloud computing

Google adds partners to real-time translation tools

8 Jan 2020

The IT Pro Products of the Year 2019: All the year’s best hardware

24 Dec 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020