Facebook Bug Bounty: Earn $500 for Every Facebook Bug Report

Facebook is offering a $500 reward for reporting bugs on its site. A $500 bug bounty is small compared with Microsoft, Google and Mozilla, which offer around $3000, but money is not the only thing to be gained. Reporting Facebook bugs can help a security researcher or software tester make a name in the software security world, with the potential to earn much more than just the bounty.

As HD Moore, the Chief Security Officer at Rapid7, said:
"The dollar amounts may be smaller than other markets for security research, but bounty programs lead to a better relationship with the security community and improve the security of the service much faster than a similar resource spend in a traditional security audit."

How to Participate in the Facebook Bug Bounty Program:

Facebook launched a new Whitehat Hacking Portal where one can register for the bug bounty program and report bugs. Facebook has also published an acknowledgement list of 42 researchers who have made 'responsible disclosures' in the past, along with the current announcement:
"To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs."
The Facebook Bug Bounty program is for security-related bugs and cross-site scripting flaws. To qualify for the bounty:
  • You must be the first to report the security glitch.
  • The bug must be native to Facebook (not in a third-party application, e.g. Farmville).
  • Disclosures must be "responsible", and you need to give Facebook a reasonable amount of time before reporting the bug publicly.

In 2010, Google reportedly paid an estimated total of $10000 in rewards for Google Chrome 12 bugs to the software developers, testers and researchers who helped find vulnerabilities in the new Internet browser software. Mozilla too has paid $3000 in hard cash plus a free Mozilla T-shirt under its bug bounty program.

Bug Bounty programs vs In-house Software Security Testing

Facebook, like Microsoft and Google, has been known to hire grey hat hackers in the past. Most recently, Facebook hired George "Geohot" Hotz, the infamous hacker linked with the hacking of the Sony PlayStation 3.

However, an open, public bug bounty program is not a new concept in the software world. It not only helps companies offering Software as a Service (SaaS) make their products secure and solid, but has also proved to be far cheaper than establishing a broad IT infrastructure and hiring an in-house team of security specialist software testers.

Copyright © 2011-2020 iTechWhiz.com powered by Google