
Facebook revamps ‘bug bounty’ program that has paid as much as $50,000 to hackers who find security flaws on its platform

  • Facebook is letting hackers actively probe third-party apps for flaws 
  • Hackers can now actively test apps instead of watching on the sideline 
  • The company hopes it will expand the scope of viable research
  • Flaws found in Facebook’s native apps are eligible for up to a $15,000 bonus 

Facebook will beef up incentives for its bug bounty program, which offers payouts to hackers who discover flaws in the platform’s system design.

In a blog post on Tuesday, Facebook announced that it will now let participants in its bug bounty program actively assess third-party apps for security flaws instead of ‘passively observing the vulnerability.’

This means that, with the app developer’s blessing, researchers will be able to be more proactive by actively testing apps rather than watching from the sidelines.

Facebook has expanded a bug bounty program designed to identify security flaws on its platform (Stock photo)

According to Facebook, the change will likely increase the scope of its bounty program.

‘This change significantly increases the scope of the security research that our bug bounty community can share with us and get rewarded for when they find potential vulnerabilities in these external apps and websites,’ said Dan Gurfinkel, Security Engineering Manager for Facebook in a statement. 

White hat hackers who report security flaws to Facebook will receive a minimum of $500 for low-security threats, and the platform says there will be no upper limit on the highest payment.

According to Wired, the largest bounty Facebook has paid for a reported flaw is $50,000. Apple’s bug bounty program has a maximum reward of $1 million.

‘As always, we will issue rewards based on the impact of each valid report and other factors indicated within our terms, with a minimum reward of $500,’ wrote the platform. 

The company says it will also now provide bonuses ranging from $1,000 up to $15,000 for flaws found in its native apps. That sum will be added to the initial bounty pay-out.

Bug bounty programs are designed to help expand companies’ resources for identifying and closing security flaws in their systems and are now employed by nearly every major tech company, including Google, Apple, and Amazon.  

In July, Google also increased the incentives offered through its bug bounty program, doubling the maximum pay-out from $15,000 to $30,000.
