Khalil Shreateh, the man who gained international fame a few days ago by writing on the Facebook wall of its CEO Mark Zuckerberg to prove there was a security flaw in the service, will get a monetary reward for finding the bug, but it won't be coming from Facebook itself.
Instead, the reward will come from a crowdsourced donation campaign on the Gofundme website. The page was set up by Marc Maiffret, the chief technology officer of the security firm BeyondTrust. He felt that Facebook's decision not to offer a bounty to Shreateh for finding the exploit was wrong, saying, "Let us all send a message to security researchers across the world and say that we appreciate the efforts they make for the good of everyone."
The goal was to raise $10,000 and so far, the campaign has raised over $11,000 in about a day. Maiffret says he is now in touch with Shreateh and is working with Gofundme to transfer the money to him.
Meanwhile, Facebook has now admitted that they "failed in our communication" with Shreateh when he tried to report the bug through normal channels before he decided to write on Zuckerberg's wall. In a Facebook post, the company's chief security officer Joe Sullivan stated:
We get hundreds of submissions a day, and only a tiny percent of those turn out to be legitimate bugs. As a result we were too hasty and dismissive in this case. We should have explained to this researcher that his initial messages to us did not give us enough detail to allow us to replicate the problem.
Facebook will offer more detailed information on how to report an exploit from now on and will also improve their email communications with the people who report on such bugs. However, the company is still refusing to offer a bounty to Shreateh, with Sullivan saying, "It is never acceptable to compromise the security or privacy of other people."