All these days, white hat hackers working for Facebook’s Bug Bounty Program were seen passively observing the vulnerabilities of third-party apps. But now, the social media giant has asked the researchers to be more proactive by testing apps for security flaws, rather than watching those from the sideline.
Mark Zuckerberg’s company released a press statement yesterday by saying that it has so far paid up to $50,000 to hackers who found security vulnerabilities on its platform.
Now the company hopes to expand the scope of viable research and has increased the bonus to dig out flaws on native apps to $18,000 from $15,000- for-say with some stipulations.
This means Facebook is allowing white hat hackers to be proactive by increasing the financial gain from its bug bounty program.
Confirming the statement, Dan Gurfinkel, the Security Engineering Manager of Facebook added that the increase in the bonus is to encourage the bug bounty community to discover potential vulnerabilities in the external apps and websites.
According to the sources available to Cybersecurity Insiders, those finding low-grade security threats are awarded $500 and the amount increase depends on the intensity of the discovered threat. To date, Facebook awarded $50,000 as the largest bounty standing second to Apple which has awarded $1 million to a security researcher in a recent finding.
Note 1- Google has only offered $15,000 to up to $30,000 to its bug bounty program winners to date.
Note 2- Bug Bounty programs are organized by multinational companies to identify and fix security threats that exist in their systems and application-services.