day to outside security experts to act as “bounty hunters” by finding bugs in its software that could be exploited by malicious hackers.
The three-week-old project has already handed out rewards totalling around £25,000, including more than £4,300 to one individual who has reported six potential vulnerabilities. The largest single payment of more than £3,000 went to a security expert who made “one really good report”, said Joe Sullivan, Facebook’s chief security officer.
“The program has also been great because it has made our site more secure – by surfacing issues large and small, introducing us to novel attack vectors, and helping us improve lots of corners in our code,” he said.
The Bug Bounty Program has also been well-received by security commentators, who are often critical of the way large companies respond to bug reports.
“Whitehat” hackers, who do not exploit the vulnerabilities they come across, have in the past found themselves the subject of criminal investigations after telling service providers about them.
Facebook’s own internal security team also scour the millions of lines of software code that run the world’s biggest social network for vulnerabilities that could allow malicious hackers to steal data, but the Bug Bounty Program is a formal invitation for outsiders to help.
“We received really positive feedback when we launched our responsible disclosure policy last year, in which we told researchers we would not take adverse actions against them when they followed the policy in reporting bugs,” said Mr Sullivan. “We are one of the first companies to clearly lay out our policy in order to make those who discover vulnerabilities more comfortable in reporting, and we are happy to see that other organizations are adopting a similar stance.”
Google launched a similar scheme last year, which initially covered the open source project allied to its Chrome browser, but was later expanded to invite whitehat hackers to probe its websites, including google.com and youtube.com. TippingPoint, a corporate security vendor owned by HP, also pays cash rewards for new vulnerabilities.
Facebook does not reward all hacking, however.
Earlier this month Glenn Mangham, a 25-year-old student from York, appeared at Westminster Magistrates’ Court on five charges related to hacking into Facebook. The firm said no user data was compromised.
[/quote]
http://telegraph.co.uk/technology/facebook/8731490/Facebook-pays-out-25000-to-whitehat-hackers.html