Facebook to expand rewards for hackers


Facebook to expand rewards for hackers

Warwick Ashford

Facebook is to expand its reward scheme for hackers who uncover vulnerabilities in its products to include network vulnerabilities.  

Details of the expanded scheme are to be announced this week at the DefCon Hacking Conference in Las Vegas, according to Bloomberg News.

The move comes after its security team received a tip about a vulnerability in its network in May, which was fixed quickly because it would have enabled eavesdropping if exploited.  

Facebook's chief security officer Joe Sullivan said the decision to expand grew out of the success of the bounty programme for products.

While most companies shun what they consider a risky practice, Facebook is among a small group of large firms, which includes Google, Mozilla and Microsoft, that believes so-called "bug bounties" are a way of making computer systems more secure.

Facebook has a big incentive to find ways to protect the personal data of more than 900 million users, because a large breach could be fatal to the social networking firm.

Under its current reward scheme for product vulnerabilities, Facebook has paid from $500 to $10,000 for bug reports, and to date has paid out a total of $400,000 in rewards.

Facebook has indicated that there is no limit to what it will pay to catch weaknesses in internal networks. Ryan McGeehan, who manages Facebook’s security-incident response unit, is quoted as saying: “If there’s a million-dollar bug, we will pay it out.” 

Security researchers said corporate networks are attacked constantly, so it is a wise move by Facebook to engage outsiders who are willing to report bugs instead of selling them to criminals.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy