This news is a must-read for hackers. The social networking giant Facebook has announced that it is willing to pay hackers who can demonstrate security flaws on its site. Those who find significant bugs are going to receive a huge amount from Facebook. The fee starts at $500 and increases depending on how severe the security flaw the researchers found is.
Facebook noted that anyone who thinks they have found a security defect on its site is encouraged to let the company know about it. It is going to investigate each report that it receives and then do something about the security error.
However, Mark Zuckerberg has made it clear that the hackers must register on the white hat page, where they can report the problem. Only those hackers who abide by the Disclosure Policy are going to get paid. Anyone who participated in the research should keep quiet and must not reveal the flaws to anyone until Facebook has solved the issue.
The company claims that it is not going to send the police to arrest hackers who join its contest if they abide by the policy.
Only registered researchers are going to get the right to set up test accounts, so that they can ensure that no terms are broken during the research.
Before issuing the challenge to hackers, Facebook had already hired several engineers to strengthen its online security, as it found that its site had been full of security flaws. Lately, the largest social networking site acquired the services of the former iPhone jailbreaker and Sony PlayStation 3 hacker George Hotz. Hotz now works on fixing some security-related issues on the site.
The following bugs that could be found on Facebook do not qualify for the bounty: security bugs in third-party applications, security bugs in third-party websites that integrate with Facebook, security bugs in Facebook’s corporate infrastructure, denial-of-service vulnerabilities, and spam or social engineering techniques.
Other companies have also tried offering bounties to strengthen the security of their sites. The biggest search engine in the world, Google, software company Mozilla and printer company Hewlett-Packard (HP) also use bounties to detect security weaknesses on their sites.
Mozilla made the announcement back in 2004. It will gladly give $500 to $3000 to hackers who find any security problems. The reward depends on the significance of the security flaw.
In 2010, Google did the same thing with its site, paying hackers for every security issue that they found. The amount Google pays its hackers ranges from $500 to $3,133.70, depending on the weight of the security issue.
HP never reveals how much it paid any of the researchers.