Facebook has recently completed a comprehensive security review of its ads code and, with a view to strengthening that code further, has announced that it is doubling the reward paid for valid bug reports against it under its bug bounty program. Currently a qualifying bug earns $500; that will now rise to $1,000.
In a blog post, Collin Greene, a security engineer at the social network, wrote: “Would like to encourage additional scrutiny from whitehats to see what we may have missed.”
Whitehat is the common term for a security researcher who reports a bug rather than exploiting it for malicious ends; a blackhat is the opposite, someone who uses the bug unethically.
Facebook has fixed many bugs reported through its bounty program. Recent examples from the ads code include: redeeming the same ads coupon multiple times because it was never marked as used; retrieving the name of an unpublished page through the ads creation flow by guessing its page ID (a missing authorization check on the ID); an arbitrary local file read; and JavaScript injection into an ad report email.
Facebook has also published a four-part guide for whitehat hackers on writing submissions that are easier to triage and therefore more likely to earn a bounty. The guide covers describing the bug, reproducing the bug, describing its impact, and an optional supplementary section. It also explains how payment works under the bounty program.
The bounty program was launched in 2011, and Facebook says researchers have earned over $3 million from it since then.