Facebook is the most recent company to come to the bug-bounty party, officially announcing recently that-
“To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs.”
Here’s how it works:
Eligibility:
To qualify for a bounty, you must:
- Adhere to our Responsible Disclosure Policy
- Be the first person to responsibly disclose the bug
- Report a bug that could compromise the integrity or privacy of Facebook user data, such as: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Remote Code Injection.
- Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Facebook security team will assess each bug to determine if qualifies.
Rewards:
- A typical bounty is $500 USD
- We may increase the reward for specific bugs
- Only 1 bounty per security bug will be awarded
Exclusions:
The following bugs aren’t eligible for a bounty:
- Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
- Security bugs in third-party websites that integrate with Facebook
- Security bugs in Facebook’s corporate infrastructure
- Denial of Service Vulnerabilities
- Spam or Social Engineering techniques
0 comments:
Post a Comment