Saturday, July 30, 2011

Facebook Offers $500 bounty For Every Bug Found

Facebook is offering a bounty of $500 for anyone who manages to find bugs in the social networks infrastructure.
In a post titled “Security Bug Bounty”, Facebook said: “To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs.”
To be eligible for the $500 bounty, the person must be the first individual to report a bug which “could compromise the integrity or privacy of Facebook user data”.

Facebook gives examples of these bugs as a. Cross-Site Scripting (XSS), b. Cross-Site Request Forgery (CSRF/XSRF), c. Remote Code Injection, etc.
People who want to get the bounty must also allow Facebook to investigate the bug before making it known to the public.
Facebook also says that for a person to qualify, s/he must “Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)”

The Facebook bounty is not fixed, however, as the world’s largest social network describes it as: “A typical bounty is $500 USD” with the possibility of an increase probably judged by criticality of the bug.
You can read more from Facebook’s post here.

1 comment:

  1. Hello Contact me on or mail me at