Bug Bounty Programme Launched by Facebook

Social networking giant Facebook is now offering cash rewards for researchers who report vulnerabilities on its website.

The company, which joins Google and Mozilla in launching a bug bounty program, will offer $500 to the researcher who responsibly discloses any vulnerability to Facebook.

Although the basic amount offered by Facebook is considerably lower than what Google and Mozilla pay, the company said that it is willing to pay more for particularly nasty bugs, but did not elaborate on that.

“To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs,” the company said. It also pointed out that researchers should not be from countries against which the US has issued sanctions.

In a blog post, Facebook said that researchers have to report a bug that could compromise the integrity or privacy of Facebook. Some of the bugs that Facebook wants researchers to hunt down are cross-site scripting bugs, cross-site request forgery bugs and remote code injection.

Bugs that are not eligible for the bounty include bugs in third-party apps that connect to Facebook, bugs in Facebook’s corporate website, denial-of-service vulnerabilities, and spam or social engineering techniques.