Facebook dangles cash rewards for bug reports

Facebook has joined Google and Mozilla in paying cash rewards to researchers who privately report vulnerabilities that could jeopardize the privacy or security of their users. The social network said Friday it would pay $500 for the disclosure of most website flaws, such as XSS, or cross-site scripting errors. The company may …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Facepalm

    Microsoft

    If Microsoft paid whenever someone found a bug, they'd be broke within the week!

  2. Anonymous Coward
    Meh

    $500 for an XSS? Create a basic wall worm and promote a short survey and you'll earn more than that in about 3 minutes.

  3. Allan George Dyer
    Coat

    I've got one...

    Facebook exposes vast amounts of sensitive personal information that can be sold.

    What? That's a design feature?

  4. Anonymous Coward
    Facepalm

    vulnerabilities that could jeopardize the privacy ... of their users

    Er, isn't the biggest risk Facebook's default privacy settings?

  5. Roo
    FAIL

    M$, Oracle pay up? No, you pay them...

    The first & last time I tried reporting something, a basic DoS vulnerability in their VM/"File Cache" implementation, to MS they wanted to charge me $128 for the privilege. The bug remained in place in NT 4, and 2K. After that I gave up caring, but it looks to me as if that basic weakness may still be there in Vista and 7.

    I have found the same kind of "shut up and give us your cash" mentality happening with Oracle too. I raised an SR for a trivially repeatable DoS in their .NET client library, complete with a half a dozen lines of code to replicate the fault. They have replicated the fault themselves and since March have done ... absolutely flip all (by their own admission I hasten to add).

    The scene in Animal House where Kevin Bacon cries out "Thank you sir, please may I have another" comes to mind. You can substitute Larry Ellison for Niedermeyer.

    Open Source ain't always perfect, but the support is as good as you can afford it to be, the same can't be said of many vendors, in particular M$ & Oracle.

  6. David Barr
    Meh

    Swallowed a Spider to catch the fly...

    And they're now going to have to deal with literally millions of reports all from people trying to earn a quick buck reporting the same errors, or errors that don't exist etc.

  7. Heff
    Trollface

    Waste of time

    Considering their recent problems with URL shortening and any links that refer back to imgur, it's almost impossible to tell the difference between their 'admin actions' and a legit bug; and when you do find something broken, stepping around their "whoops doesn't work" auto replies and actually trying to get someone to pay attention is a nightmare not worth bothering with. Facebook aren't interested in security, privacy, or basic business ethics; stick to referral worms; if you have the skill do you really want to use them to make Facebook "better?"

    I mean, this is a company where if you're interested in keeping shit professional you need to subscribe to an external website's RSS just to keep abreast of what new, retarded feature has just been enabled by default this week.

    Trollface, because this article's gotta be trollin
