Facebook has decided to pay larger bounties for bugs or flaws discovered by hackers on its platform, with a view to making its apps and services more secure for users.
In a blog post, Facebook stated that it would now allow participants in the bug bounty program to analyse third-party apps for security flaws instead of just observing the vulnerability.
This means bounty hunters will now be able to be more prompt in their efforts by testing apps in real time, as opposed to just observing from afar.
Dan Gurfinkel, Security Engineering Manager for Facebook, said in a statement, “This change significantly increases the scope of the security research that our bug bounty community can share with us and get rewarded for when they find potential vulnerabilities in these external apps and websites.”
Under the new policies, bounty hunters who discover and report security flaws will be eligible to receive a minimum of $500 (for low-security threats). What’s interesting, however, is that there is no maximum limit on the bounty payout.
The post further added, “As always, we will issue rewards based on the impact of each valid report and other factors indicated within our terms, with a minimum reward of $500.”
Apart from this, Facebook has also stated that it’ll offer bonuses starting at $1,000 and going all the way up to $15,000 for bugs or flaws found in the native apps. This sum will be added to the final bounty payout.
Reports in the past have revealed that the maximum bounty Facebook has offered for a particular bug is $50,000. Google, too, had raised its bounty payout, doubling its maximum payout from $15,000 to $30,000. Apple also has its own bug bounty program, where it has offered a maximum bounty payout of $1 million.