#Facebook launches bug bounty program - #fb
Facebook
is set to announce today a bug bounty program in which researchers will
be paid for reporting security holes on the popular social-networking
Web site.
Compensation, which starts at $500 and has no maximum set, will be paid only to researchers who follow Facebook's Responsible Disclosure Policy and agree not to go pub
lic with the vulnerability information until Facebook has fixed the problem. "Typically, it's no longer than a day" to fix a bug, Facebook Chief Security Officer Joe Sullivan told CNET in a conference call.
Facebook's Whitehat page for security researchers says: "If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."
Compensation, which starts at $500 and has no maximum set, will be paid only to researchers who follow Facebook's Responsible Disclosure Policy and agree not to go pub
lic with the vulnerability information until Facebook has fixed the problem. "Typically, it's no longer than a day" to fix a bug, Facebook Chief Security Officer Joe Sullivan told CNET in a conference call.
Facebook's Whitehat page for security researchers says: "If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."
Comments
Post a Comment