Facebook launches 'bug bounty' program

Facebook has chosen to reward users for finding and reporting bugs in its website. Researchers who repeatedly report issues with the service will be paid, with payments starting at $500 and no 'ceiling' limit. As would be expected, there are guidelines that must be followed in order to receive payment. Those who follow the Facebook Responsible Disclosure Policy will receive their money, while those who share the exploits with others will not be paid for their contribution. Once the bug has been fixed, researchers are allowed to go public with the information with no impact on their payment.

Facebook has also rewarded those who have adhered to its policy by posting their names on the Whitehat page. The page has the following to say:

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

In addition, Facebook's chief security officer, Joe Sullivan, stated that fixing a bug on the site takes "typically, no longer than a day". His statement was made during a conference call with journalists from CNET. The new system of monetary rewards is an incentive for users. Under the previous system, users were given recognition on the Whitehat page and potentially a job, though the chances of this were slim unless they consistently found faults and helped to fix them.

Facebook is also adding the ability to create test accounts, so that security researchers can work without affecting their own Facebook friends list or their own account. This way, if something goes wrong, the account can be closed and the issue can be reported. Mozilla launched a payment system for those who found and helped to fix bugs back in 2004, and Microsoft has previously offered anywhere up to $250,000 for information leading to the arrest of virus writers.

22 Comments

I think I found the biggest bug.

Go to the Facebook website, and then make sure you are on the home page after you log in.

Now look at the entire site... that is one MASSIVE bug.

BUGS or security exploits? Because when it comes to bugs, the new chat has dozens. And no, I'm not talking about what's supposed to be like that by design.

Right, OK? So I go lalalalala, oh look, a bug .... I report it ... I could then be in **** or be paid? I'm thinking a corporation would rather butt **** me than pay me money... I'll keep what I know to myself, thanks.

SPEhosting said,
Right, OK? So I go lalalalala, oh look, a bug .... I report it ... I could then be in **** or be paid? I'm thinking a corporation would rather butt **** me than pay me money... I'll keep what I know to myself, thanks.

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

So long as you're not deliberately trying to **** up the service you'll be fine.

SPEhosting said,
Right, OK? So I go lalalalala, oh look, a bug .... I report it ... I could then be in **** or be paid? I'm thinking a corporation would rather butt **** me than pay me money... I'll keep what I know to myself, thanks.

Are you suggesting a company wouldn't appreciate you helping make their service better?

Callum said,

Are you suggesting a company wouldn't appreciate you helping make their service better?

Depends.... Is it a small or medium business who just wanna make it in the big world? Or a big company with lots of money that likes to crush people O.o I'm sure they would be very happy to get the help but would try and get it for free lol

andrewbares said,
This isn't for bugs, it sounds more like security exploits.... Quite different

Was thinking the same thing, would need clearing up!

MichaelJTKnox said,

Was thinking the same thing, would need clearing up!

Depends, a bug could open a way in... just a simple line in code, all I need to do is some simple URL editing. I can't tell you to do what though.

SPEhosting said,

Depends, a bug could open a way in... just a simple line in code, all I need to do is some simple URL editing. I can't tell you to do what though.

http://computer.yourdictionary.com/bug

Bugs are typically considered errors or glitches, not security exploits. Yes, a bug could possibly be used to hack inside the software, but they're not really the same.

boumboqc said,
I don't know where to start.. hum..
THE NEW CHAT IS BROKEN AS ****

It's not broken because it works exactly how Facebook intended it to (the list of online people does change and it isn't based solely on who you talk to most).

boumboqc said,

I don't know where to start.. hum..
THE NEW CHAT IS BROKEN AS ****


For me, the Messages and Chat features have been totally broken and unusable since 5th May! Despite almost daily e-mails (all of which were ignored) I've had to create a second profile/account just to be able to use FB Messages again!

Andrew Hunt said,
So if you happen to break Facebook while looking for bugs you may have a lawsuit knocking on the door? No thank you...

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

In other words, so long as you're making efforts not to disrupt the service, if it happens by accident it won't be a problem.

Merson316 said,
If they did this with their iPhone app everyone would be multimillionaires...

I was thinking the exact same thing! HAHA