Facebook has just launched a new bug bounty program that rewards researchers who find security holes in the social network. Rewards are paid in dollars, starting at $500 with no maximum set. However, researchers will have to follow Facebook’s Responsible Disclosure Policy and agree not to go public with the vulnerability information until Facebook has fixed the problem.
I guess this is a great way to get all the bugs weeded out of the system without being painted in a bad light – after all, who wouldn’t like $500 (or more) to keep their mouth shut for a day or two (apparently it usually takes no longer than a day to fix a bug). And that amount of money is nothing to Facebook when compared to the bad publicity it would receive if the public caught wind of the vulnerability before the network did.
In addition to the monetary bounty, researchers have been awarded a name drop on the Facebook Whitehat page, and some of them were even offered jobs at the company. Sounds like a good enough incentive to get cracking. I wonder if it’s possible to make a living off locating bugs in the service. Find out more about the bounty program.