Sunday, July 31, 2011

Facebook Security Bug Bounty Offers $500 For Bug Reporting





Facebook (www.facebook.com), the social networking monster, is offering a $500 reward for reporting a bug.
Although this is only the starting amount, it is much less than other internet giants' bug bounty offers, such as Google's ($3000+), Mozilla's ($3000) and Microsoft's ($250,000).

The eligibility requirements and conditions for participating in this program are:



Eligibility
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:
    ... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
    • Cross-Site Scripting (XSS)
    • Cross-Site Request Forgery (CSRF/XSRF)
    • Remote Code Injection
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if it qualifies.


Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques


All the information regarding this program is available at https://www.facebook.com/whitehat/bounty/
