Facebook bug bounty programme extended for ethical hackers
Facebook’s bug bounty programme for ethical hackers and security researchers has been expanded to allow bug bounty hunters to actively test third-party apps for security issues, as long as the third party authorises the research.
Facebook’s bug bounty programme rewards ethical hackers and researchers for valid bug reports in third-party apps and websites that integrate with Facebook.
Last year, Facebook launched an industry-first bug bounty for third-party apps and websites, rewarding researchers who find vulnerabilities that involve the improper use and exposure of Facebook user data.
The social media giant said in a statement: “To be eligible, we ask that researchers comply with the third-party’s vulnerability disclosure or bug bounty programme before submitting their findings to Facebook.”
Facebook has said it will issue rewards based on the impact of each report, with a minimum reward of $500. Bug bounty hunters are now able to test third-party apps for security issues, as long as the third party authorises the hackers.
Facebook said: “This change significantly increases the scope of the security research that our bug bounty community can share with us and get rewarded for when they find potential vulnerabilities in these external apps and websites.”
Recently, it was reported that a 26-year-old Chennai-based independent security researcher, Laxman Muthiyah, had received a total of $62,000 over a five-year period by finding security flaws in Facebook and its photo app, Instagram.
Last year, Rohit Kumar, a second-year student at Lovely Professional University, India, was inducted into the Facebook Hall of Fame for being among the top 20 bug bounty hunters in 2018. According to cybersecurity firm HackerOne, ethical hackers from India also claimed the second-highest share of bounties in the world, after the US.