Facebook to offer bug bounty to hackers who find flaws in its systems

Summary:Several companies already reward 'white hat' hackers who responsibly report flaws in their web services, but Facebook is apparently going a step further with payments to those who find vulnerabilities in their internal systems

Facebook and Google have for some time offered bounties to hackers who find vulnerabilities in their public-facing systems, but now the social network has gone a step further by offering to reward hackers who find and report flaws in Facebook's corporate network.

According to a Bloomberg report on Thursday morning, the move will be announced at the DefCon hacking conference. "If there's a million-dollar bug, we will pay it out," Facebook security response chief Ryan McGeehan was quoted as saying.

The idea of a company paying so-called 'white hat' hackers to probe their sites and report flaws — rather than exploiting them — is rare, but far from new . Google and Facebook do it, as do Mozilla, HP and, as of last month, PayPal.

However, rewarding people for breaking into internal systems is an even riskier proposition. According to the Bloomberg piece, Facebook was moved to introduce the new bounty scheme after an external researcher informed the company of a flaw that meant outsiders could listen in to their internal conversations.

Facebook's bug bounty page says the company will pay a minimum of $500 for each responsible disclosure, as long as the bug could "compromise the integrity of Facebook user data, circumvent the privacy protections of Facebook user data, or enable access to a system within Facebook's infrastructure".

The only kinds of bugs that Facebook won't pay out for are those in third-party apps or websites, denial-of-service vulnerabilities, and spam or social engineering techniques, none of which Facebook has any control over.

Topics: Security


David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't be paying many bills. His early journalistic career was spent in general news, working behind the scenes for BBC radio and on-air as a newsreader for independent stations. David's main focus is on communications, of both... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.