Facebook to Offer Bug Bounty Program With Rewards Starting at $500

Facebook today is launching a “bug bounty” program under which it will pay researchers who find bugs and vulnerabilities in Facebook and report them to the company to be fixed. Developers who find bugs and report them to Facebook through its “Responsible Disclosure Policy” will receive rewards starting at $500, with no cap on how big a bounty developers can harvest.

Facebook follows in the footsteps of Google and Mozilla, which also have bug bounty programs. Mozilla offers up to $3,000 for bugs found within its open-source software such as Firefox, and Google offers between $500 and $1,337 (a number associated with the geek lexicon “leet speak,” created in the 1980s). One of the reasons that Facebook became the dominant social network of the Web 2.0 movement is that it has fostered a developer community that has aggressively built on top of the platform. As such, the bug bounty program is a natural extension of that community.

To qualify for the bounty, developers must adhere to the Responsible Disclosure Policy and find a bug that “could compromise the integrity or privacy of Facebook user data.” That includes cross-site scripting (XSS), cross-site request forgery (CSRF/XSRF), remote code injection and other such known hacking methods or vulnerabilities.

Only one bounty will be awarded per specific bug, starting at $500 with the ability to increase based on the type of bug. Bugs in third-party applications, websites or corporate infrastructure are not eligible, nor are denial-of-service vulnerabilities, social engineering (phishing) or spam techniques. Essentially, they have to be bugs in the Facebook platform itself and not part of some type of extension, app or add-on.

Here is the Responsible Disclosure Policy from the new White Hat information page for security researchers:

“If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.”

