New York: Expose the chinks in Facebook's security network and get rewarded for it too, says the social networking site, which has already paid USD 40,000 (over
Rs 18 lakh) in the past three weeks to those who have done it.
Facebook launched its 'bug bounty' programme a few
weeks ago, under which it offered to pay for disclosure of security
bugs to the company.
"A couple of years ago, we decided to formalise a
'whitehat' programme to encourage these researchers to look
for bugs and report them to us ... A few weeks ago, we took
that programme to the next level -- we started paying rewards
to those who report bugs to us," Facebook Chief Security
Officer Joe Sullivan said on the official blog.
He added that the bug bounty programme was established as
an effort to recognise and reward "these individuals for their
good work and encourage others to join."
According to the company website, Facebook has more than
750 million active users globally. Its userbase in India stood
at 25 million at the end of April this year.
Facebook has faced severe criticism globally on a range of
issues, including online privacy, child safety, and security
It has been working to tackle the situation, introducing
new security features to counter the attacks on the website.
"The programme has already paid out more than USD 40,000
in only three weeks and one person has already received more
than USD 7,000 for six different issues flagged," Sullivan
The programme has made the site more secure -- by
surfacing issues large and small, introducing Facebook to
novel attack vectors, and helping it improve lots of corners
in its code, he added.
About forty-eight people have successfully identified
problems and have been acknowledged on Facebook's "whitehat"
Facebook pays about USD 500 for reporting such issues and
increases the reward for specific bugs, the blog said.
The company has also given an assurance that researchers
would not face any legal action even if the methods they
use to intrude into Facebook systems are not legal.
"If you give us a reasonable time to respond to your
report before making any information public and make a good
faith effort to avoid privacy violations, destruction of data
and interruption or degradation of our service during your
research, we will not bring any lawsuit against you or ask law
enforcement to investigate you," the blog said.