Facebook to offer bug bounty to hackers who find flaws in its systems

Facebook to offer bug bounty to hackers who find flaws in its systems

Summary: Several companies already reward 'white hat' hackers who responsibly report flaws in their web services, but Facebook is apparently going a step further with payments to those who find vulnerabilities in their internal systems

SHARE:
TOPICS: Security
1

Facebook and Google have for some time offered bounties to hackers who find vulnerabilities in their public-facing systems, but now the social network has gone a step further by offering to reward hackers who find and report flaws in Facebook's corporate network.

According to a Bloomberg report on Thursday morning, the move will be announced at the DefCon hacking conference. "If there's a million-dollar bug, we will pay it out," Facebook security response chief Ryan McGeehan was quoted as saying.

The idea of a company paying so-called 'white hat' hackers to probe their sites and report flaws — rather than exploiting them — is rare, but far from new. Google and Facebook do it, as do Mozilla, HP and, as of last month, PayPal.

However, rewarding people for breaking into internal systems is an even riskier proposition. According to the Bloomberg piece, Facebook was moved to introduce the new bounty scheme after an external researcher informed the company of a flaw that meant outsiders could listen in to their internal conversations.

Facebook's bug bounty page says the company will pay a minimum of $500 for each responsible disclosure, as long as the bug could "compromise the integrity of Facebook user data, circumvent the privacy protections of Facebook user data, or enable access to a system within Facebook's infrastructure".

The only kinds of bugs that Facebook won't pay out for are those in third-party apps or websites, denial-of-service vulnerabilities, and spam or social engineering techniques, none of which Facebook has any control over.

Topic: Security

David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Hey make it better....

    but don't expect a permanent job from Zuckerburg or the CIA.
    partman1969@...