Brazilian techie gets biggest Facebook payout to date

Summary:Reginaldo Silva received $33,500 from the company as a reward for detecting a bug in its systems

Facebook announced its largest payment to date to a Brazilian computer engineer for finding one of the worst bugs it could have in its systems.

Reginaldo Silva received $33,500 from the company for his discovery, which was related to an XML external entity vulnerability within a PHP page hosted on its servers utilizing OpenID authentication.

Silva found that the glitch could have allowed hackers to read almost any file as well as open arbitrary network connections on the social network's web server.

On his website, information security expert Silva detailed the entire process of the bug detection, which began in September 2012 when he found a Google flaw that affected libraries implemented in Java, C#, PHP, Ruby, Python and Perl of services including Google properties App Engine and Blogger.

According to the engineer, Google paid him $500 for detecting that flaw.

Despite it being the largest Facebook Bug Bounty to date, Silva seemed to be disappointed that the reward wasn't more generous. He made a reference to a Bloomberg article from July 2012 quoting Facebook’s director for Security Incident Response, Ryan McGeehan, as saying, “If there’s a million-dollar bug, we will pay it out.”

"Unfortunately, I didn't get even close to the one-million dollar payout cited above," Silva says in his blog.

"If you have any comments about how much you think this should be worth, please share them," he adds.

Topics: Security, Social Enterprise

About

Angelica Mari is ZDNet's Brazil Contributing Editor. She has relocated to Brazil, her home country, in 2011 after living and working in Europe for a decade. She started her professional life when she was 14, as a software trainer coaching executives at major Brazilian companies until the age of 17, when she started writing professionally.... Full Bio

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.