Facebook Raises Payment For Its Bug Bounty Program
Kumari Shrivastav - Oct 17, 2019
Facebook said that it will be broadening a number of well-established bug bounty programs which include bounties for hackers finding rare vulnerabilities.
- Facebook Allows You To Shut Down Annoying Alerts
- IIIT-Delhi Student Received A Rs 1.45 Crore Internship Offer From Facebook
- Member Data From Facebook Groups Still Stored Without Permission
On Tuesday, Facebook said that it will be broadening a number of well-established bug bounty programs which include bounties for hackers finding rare vulnerabilities. It has also been upgrading several of its security and protection initiatives.
According to the company's blog posts, it would provide more ways for security researchers to help them detect and disclose flaws in third-party sites and apps integrating with the social network.
As stated by Dan Gurfinkel, the engineering security manager at Facebook, researchers are now not limited to just "passively observing the vulnerability."
That means if authorized by the third party, they can test these apps actively to detect security issues, Facebook stated. So instead of finding bugs by observing an app's traffic, security researchers now look into how a third-party app can abuse user data.
Gurfinkel also said, "This alteration dramatically increases the security research’s extent which our bug hunters network can impart to us and take remunerated for this when they discover possible vulnerabilities in outsider websites and apps."
The lowest amount of a bug is Rs 35,682 and will change depending on how severe the bug is. Besides, researchers are required to show proof that they got authorized by the third party to conduct tests.
In September 2018 saw the first announcement for Facebook’s bug bounty program which aimed at how users' personal data could get leaked via unreliable developers that the company cannot control.
The Cambridge Analytica scandal last year marked the first red flags of privacy concerns from third-party apps for Facebook. Developers created Facebook apps to harvest data for Cambridge Analytica researchers, which threatened user privacy and caused potential political interference.
Security researcher, in April, discovered a Facebook open database that a media firm harvested using an app on the platform.
Bug bounties allow Facebook to broaden the search for data-harvesting apps though it already has a security group for the task. In March last year, the social giant first expanded its own bug bounty program and began considering such apps to be security flaws.
Not only Facebook but also Apple has been revamping bug bounty programs with the highest offer of $1 million for high-level hacks. Rather than abusing flaws, security researchers now search for flaws and bugs that hunters could take advantage of and get remunerated for informing the company.
The bounty often rises in accordance with the rarity of the bug. Often, native code bugs are harder to find as they are hidden deep in the service; therefore, the social network decided to increase the reward for them.
The whole bug payout with a bonus of Rs 10.7 lakh will be given to researchers finding and reporting a zero-click flaw in the Messenger app on iOS if they can provide a proof-of-concept to it, said Facebook. This type of flaws is rare since they don't need to interact with users to affect them.
In November, there will be Pwn2Own Tokyo - a hacker meeting, where the company said it would bring its hardware so that hackers can discover vulnerabilities. In March, Tesla showed a car in Pwn2Own Vancouver and fortunate hackers gained it alongside a reward of Rs 24.98 lakh.
A reward of Rs 42.8 lakh and Rs 28.5 lakh are offered for effective hacks of Facebook Portal Device and Oculus Quest, respectively.