Facebook Security Bug Bounty
Facebook is the most recent company to come to the bug-bounty party, officially announcing recently that-
“To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs.”
Here’s how it works:
Eligibility:
To qualify for a bounty, you must:
-
Be the first person to responsibly disclose the bug
Report a bug that could compromise the integrity or privacy of
Facebook user data, such as: Cross-Site Scripting (XSS), Cross-Site
Request Forgery (CSRF/XSRF), Remote Code Injection.
Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Facebook security team will assess each bug to determine if qualifies.
Rewards:
A typical bounty is $500 USD
We may increase the reward for specific bugs
Only 1 bounty per security bug will be awarded
Exclusions:
The following bugs aren’t eligible for a bounty:
Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
Security bugs in third-party websites that integrate with Facebook
Security bugs in Facebook’s corporate infrastructure
Denial of Service Vulnerabilities
Spam or Social Engineering techniques
No comments:
Post a Comment