Facebook has spent $40,000 (£25,000) in the first 21 days of a program that rewards the discovery of security bugs. The bug bounty program aims to encourage security researchers to help harden Facebook against attack. One security researcher has been rewarded with more than $7,000 for finding six serious bugs in the social networking site. The program runs alongside Facebook's efforts to police the code it creates that keeps the social site running. A blog post by Facebook chief security officer Joe Sullivan revealed some information about the early days of the bug bounty program. He said the program had made Facebook more secure by introducing the networking site to "novel attack vectors, and helping us improve lots of corners in our code". The minimum amount paid for a bug is $500, said Mr Sullivan, up to a maximum of $5000 for the most serious loopholes. The maximum bounty has already been paid once, he said. Many cyber criminals and vandals have targeted Facebook in many different ways to extract useful information from people, promote spam or fake goods. It's hardly surprising that the service is riddled with rogue apps and viral scams” End Quote Graham Cluley Sophos Mr Sullivan said Facebook had internal bug-hunting teams, used external auditors to vet its code and ran "bug-a-thons" to hunt out mistakes but it regularly received reports about glitches from independent security researchers. Facebook set up a system to handle these reports in 2010 which promised not to take legal action against those that find bugs and gave it chance to assess them. Paying those that report problems was the logical next step for the disclosure system, he said. Graham Cluley, senior technology consultant at Sophos, said many other firms, including Google and Mozilla, run similar schemes that have proved useful in rooting out bugs. However, he said, many criminally-minded bug spotters might get more for what they find if they sell the knowledge on an underground market. He added that the bug bounty scheme might be missing the biggest source of security problems on Facebook. "They're specifically not going to reward people for identifying rogue third party Facebook apps, clickjacking scams and the like," he said. "It's those sorts of problems which are much more commonly encountered by Facebook users and have arguably impacted more people." Facebook should consider setting up a "walled garden" that only allowed vetted applications from approved developers to connect to the social networking site, he said. "Facebook claims there are over one million developers on the Facebook platform, so it's hardly surprising that the service is riddled with rogue apps and viral scams," he said.
GMT 17:42 2018 Wednesday ,31 October
Launch of cargo spacecraft Progress MS-10 to ISS set for 16 NovemberGMT 14:18 2018 Saturday ,27 October
First launch of Soyuz-FG booster after Oct 11 incident scheduled on 16 NovGMT 16:58 2018 Monday ,22 October
Report on Soyuz-FG vehicle malfunction to be approved on 30 OctoberGMT 22:05 2018 Friday ,19 October
NASA chief believes human mission to Mars should become international projectGMT 16:31 2018 Monday ,15 October
Roscosmos chief to inform NASA and ESA on probe into Soyuz booster incidentGMT 18:09 2018 Thursday ,11 October
Russia to provide NASA with full information on Soyuz emergency landingGMT 16:09 2018 Thursday ,11 October
President Putin to receive report on aborted Soyuz space launch to ISSGMT 10:49 2018 Friday ,19 January
Amazon narrows list of 'HQ2' candidates to 20Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Send your comments
Your comment as a visitor