Facebook continued its focus on security with two announcements Wednesday related to its white-hat program: The social network is doubling the bounties that it will pay out to researchers who discover white-hat bugs in its ads code, and it released a “Bounty Hunter’s Guide” containing detailed instructions on how to submit those bugs.
Bug Bounty Program
Facebook offered some statistics about its bug bounty program in a note on its Protect the Graph page, saying that it received 14,763 submissions in 2013, up 246 percent from the previous year, and 687 of those submissions qualified for awards.
After Facebook Security Rejected His Bug Report, Khalil Shreateh Used The Bug To Post Directly On Mark Zuckerberg’s Timeline
Palestinian information system expert Khalil Shreateh discovered a bug that allowed Facebook users to post on the Timelines of other Facebook users, even when they were not connected as friends, but when he submitted it to the social network’s white-hat program, Facebook Security responded that it was not a bug. So Shreateh went straight to the top, exploiting the bug to post on the Timeline of none other than Facebook Co-Founder and CEO Mark Zuckerberg.
Since Facebook launched its bug bounty program two years ago, more than $1 million in rewards has been handed out to 329 people in 51 countries, Security Engineer Collin Greene reported in a note on the Facebook Security page.