Friday, July 29, 2011

Facebook Security Bug Bounty

To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs. Here's how it works:


To qualify for a bounty, you must:


- Adhere to our Responsible Disclosure Policy:
  ... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
- Be the first person to responsibly disclose the bug
- Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
  - Cross-Site Scripting (XSS)
  - Cross-Site Request Forgery (CSRF/XSRF)
  - Remote Code Injection
- Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)



A typical bounty is $500 USD
We may increase the reward for specific bugs
Only 1 bounty per security bug will be awarded


Source: http://www.facebook.com/whitehat/bounty/
