I WANT 5% OF ANY BUG BOUNTY YOU FIND FOR BRINGING THIS TO YOUR ATTENTION:
Facebook Pays $40,000 To Bug Spotters
1 Person Made More Than $7,000 For Flagging 6 Issues
By Laurie Segall
NEW YORK (CNNMoney) -- Facebook wants you to try to hack into its site -- and if you succeed, it will pay you for the details.
Facebook said this week that that it has paid out more than $40,000 under its new "bug bounty" security initiative. Launched three weeks ago, Facebook's program invites security researchers -- both the professional kind and hacker hobbyists -- to send it the details of any Facebook vulnerabilities that they uncover. If the report checks out, Facebook will pay a finder's fee of at least $500.
It's willing to go higher for extra-impressive bug spotting.
"We've already paid a $5,000 bounty for one really good report," Facebook Chief Security Officer Joe Sullivan wrote in a blog post. "One person has already received more than $7,000 for six different issues flagged."
Although the social networking has its own security team, Facebook launched its bug bounty program to tap into the collective wisdom of the site's 750 million users.
"We hire the best and brightest, and have implemented numerous protocols," Sullivan wrote. "We realize, though, that there are many talented and well-intentioned security experts around the world who don't work for Facebook."
Researchers from more than 16 countries have successfully submitted bounty bugs, Facebook said. Its public "thank you" list names dozens of contributors.
Facebook also took pains to assure bug-hunters that it won't take any legal action against those who submit bugs, even if they were uncovered through less-than-legal routes into Facebook's systems.
That's often how hackers find vulnerabilities, but even those without any ill intent -- so-called "white-hat hackers" -- can land in hot water with companies if they tell them about their intrusion.
"We worked with several third-party groups to ensure that the language in our policy protects researchers and makes clear our intent to work with, not punish, those who report information," Sullivan wrote.
The Electronic Frontier Foundation, an advocacy group that often weighs in on Internet-related legal issues, is a fan of that approach.
"We hope to see others follow Facebook's lead and go even further," the EFF wrote last year about Facebook's security policy. "The more transparent companies are about their approaches to vulnerability disclosure -- and the more they encourage users to come forward -- the more often they will learn about problems that need to be fixed."
If they are any good at screening people they could hire some of the best security staff available through all this.
On the other hand..the longer they drag it out, the longer they pull attention away from everyone else, including us. Administering a server is like having a Bar B Que for nymphomaniacs at a nude beach. You have to physically watch any and all suspicions, hunches, gestures and be prepared to disarm anything or anyone.
And trust me the attempts are none stop.
Thats it?...I was waiting for my 1st bonus check from you already.... :innocentwhistle:
:laf: :laf: Well first of all I dont do facebook. I think it's ridiculous with the number of people on it, the things that are there, and the havoc it has created for some peoples lives.
Second, I wouldnt have time to try to crack the place if I wanted to. Not to mention their system is wayyyyy above me to begin with. :eyebrownod:
Im with you on that face book...geez everyone is constantly asking me if I am on it and I tell them no I have a life in real time :yoyo:
10-4 on NO FACEBOOK!! People hang way too much personal info out there!