Facebook’s bug bounty program is expanding, with rewards for people who report suspicious behaviour in the sites and apps that connect to Facebook.
The expansion focuses on sites that let people log in to other apps with their Facebook accounts. The bounty program will reward people who report vulnerabilities in third-party apps that have an indirect connection to Facebook.
"If exposed, a token can potentially be misused, based on the permissions set by the user," said Facebook's security engineering manager, Dan Gurfinkel, in a blog post. "We want researchers to have a clear channel to report these important issues, and we want to do our part to protect people's information, even if the source of a bug is not in our direct control."
After the Cambridge Analytica scandal, Facebook took serious measures to secure the privacy of the social network and protect users’ personal data. In April, rewards were announced for those who report data misuse by app developers. In today’s blog post, Gurfinkel again reminded app developers that they must ensure the safety of users’ data, and that this expansion of the bug bounty program isn’t a replacement for those obligations.
Bounties start at $500 and increase with the impact of the report.
Gurfinkel gave some instructions to clarify the eligibility rules for the bounty: "Importantly, we will only accept reports if the bug is discovered by passively viewing the data sent to or from your device while using the vulnerable app or website. You are not permitted to manipulate any request sent to the app or website from your device, or otherwise interfere with the ordinary functioning of the app or website in connection with submitting your report."
Apps found to be problematic will be notified, and Facebook will help them fix the shortcoming. Those that refuse this aid will be suspended until the issue is resolved.
Users will also be notified of the vulnerability that was reported for that particular website or app.