Facebook expands bug bounty programme for third-party apps


San Francisco, Oct 16 (IANS): Facebook has expanded its bug bounty programme for ethical hackers and security researchers to reward them for valid bug reports in third-party apps and websites that integrate with Facebook.

Last year, the social networking giant launched an industry-first bug bounty for third-party apps and websites to reward researchers who find vulnerabilities that involve improper exposure of Facebook user data.

"To be eligible, we ask that researchers comply with the third-party's vulnerability disclosure or bug bounty programme before submitting their findings to Facebook," the company said in a statement on Tuesday.

By committing to rewarding valid reports about bugs in third-party apps and websites that impact Facebook data, the company said it hopes to encourage the security community to engage with more app developers.

Facebook will issue rewards based on the impact of each valid report and other factors indicated within its terms, with a minimum reward of $500.

The bug bounty hunters will now be able to actively test third-party apps for security issues, as long as the third party authorises the researchers.

"This change significantly increases the scope of the security research that our bug bounty community can share with us and get rewarded for when they find potential vulnerabilities in these external apps and websites," said Facebook.

Third-party apps have been a major privacy concern for Facebook, as in the Cambridge Analytica case.

  
