Facebook to pay hackers for bugs found

Following the example of Google and Mozilla, social networking juggernaut Facebook is now paying hackers who find problems with its site, and report these to its security team. The company will pay a base rate of $500 (about PhP21,990) – with the rate possibly going higher if the flaws are truly significant, Computerworld reported. “In the past, we’ve focused on name recognition by putting their name up on our page, sending schwag out and using this an avenue for interviews and the recruiting process. We’re extending that now to start paying out monetary rewards," Computerworld quoted Alex Rice, Facebook’s product security lead, as saying. Computerworld also reported Facebook was to launch a new White Hat hacking portal where researchers can sign up for the program and report bugs. The report noted other companies had started implementing such bounty programs to encourage hackers to inform them so they can patch it, instead of making them public to gain fame. Presently, Facebook’s security team already engages in dialogue with security researchers and its own programmers, with hackers contacting it 30 to 50 times a week. Rice said many of the bugs are cross-site scripting or cross-site request forgery issues that could be abused by scammers and cybercriminals. Facebook has also sponsored high-profile parties at the Defcon hacking conference for the past two years, with Facebook Chief Security Officer Joe Sullivan seeing this as a chance to recruit new talent and educate security staffers, Computerworld said. Google happy According to the Computerworld report, Google started paying for browser bugs in 2010. It pays between $500 and $3,133.70, depending on the severity of the flaw. “We’re very happy with the success of our vulnerability reward program so far. We’ve already given out $300,000 and have seen a variety of interesting bugs," it quoted a Google spokesman as saying in an e-mail message. — LBG, GMA News