Facebook: Spot bug and get paid

Facebook is upping the ante on security. The company has paid as much as $40,000 to hackers who detected security flaws on its site in the past three weeks. The company launched its “bug bounty” programme at the end of July, offering to pay for undiscovered security bugs that are responsibly disclosed to the company.

Some forty-eight people have successfully identified problems and have been acknowledged on Facebook’s “whitehat” site. The company said in a blog post that it has paid one individual $7,000 for flagging six issues and $5,000 for a particularly bad flaw.

Facebook also promised ‘hackers’ that even if the methods they use to intrude into Facebook systems are not legal, they would not face any legal action. “…we would not take adverse actions against them when they followed the policy in reporting bugs,” said the company in a blog post. 

“If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you,” Facebook said. 

Incidentally, Facebook is not the first technology company to announce such a programme; Google and Mozilla have similar schemes in which they reward hackers for identifying vulnerabilities in their systems.