A few weeks ago I blogged about the scheme that rewards well-to-do hackers for finding problems with Facebook’s programming and alerting them of this fact. The bug bounty program aims to encourage security researchers to help bolster Facebook against attack.
And now Facebook have made good on their word, by paying out around £25,000 in rewards over the first 21 days of this program. The bugs found have to fall within certain criteria, and the minimum price paid to the first person who properly reports an individual bug is $500, while the finder of the most serious loopholes can pocket anything up to a cool $5,000. One security researcher has already earned themself $7,000 for finding six serious bugs within the social networking site.
But Joe Sullivan, Facebook’s chief security officer, did warn that criminally minded bug spotters might get more for what they found if they were to sell the knowledge through an underground market. He added that this scheme might also be missing out on the source of some of the biggest problems.
“They’re specifically not going to reward people for identifying rogue third-party Facebook apps, clickjacking scams and the like,” he said. “It’s those sorts of problems which are much more commonly encountered by Facebook users and have arguably impacted more people.”
So while Facebook may be making strides forward in terms of improving their security on the site, there are still rogue applications and loopholes that can cause damage to your profile and possibly result in loss of content. If you’re an avid user, you may want to think about backing up your Facebook account.