Some forty eight people have successfully identified problems and have been acknowledged on Facebook’s “whitehat” site. The company in a blog post said that it has paid one individual $7,000 for flagging six issues and $5,000 for a particularly bad flaw.
Facebook also promised ‘hackers’ that even if the methods they use to intrude into Facebook systems are not legal, they would not face any legal action. “…we would not take adverse actions against them when they followed the policy in reporting bugs,” said the company in a blog post.“If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you,” Facebook said.
Incidentally, Facebook is not the first technology company to announce such a programme, Google and Mozilla have similar schemes where they reward hackers to identify vulnerabilities in their systems.