Facebook now offers $500 bounty for bugs reporting
Facebook has started a bug reporting program and reward is $500. Facebook announced this program via facebook page. facebook wrote, “To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs.”
Facebook also wrote some eligibility criterias for participating in this program.
To qualify for a bounty, you must:
- Adhere to our Responsible Disclosure Policy (… give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research …)
- Be the first person to responsibly disclose the bug
- Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF/XSRF)
- Remote Code Injection
- Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
The program is a better chance for users to find the bug and win the program. But The reward is not enough to attract quality persons to join and find bugs.
Read More
https://www.facebook.com/whitehat/bounty/