|Facebook is expanding its bug hunt program which they plan to reward any report that shows distinct vulnerabilities to their users' access tokens / Photo by Geralt via Pixabay.com|
Facebook has been undergoing a lot of controversy as of late, with many of the higher-ups reporting issues on privacy, being called out into court and so on. It doesn’t mean they’re bad by any means, it just means that the website itself is so large that they have to undertake a lot of issues with both their consumers and their stakeholders. One of the things they’ve been trying to push is their bug hunt program with the main goal of a better experience for the users.
On that note, they just announced that they will be expanding the reach of their program according to a Tech Crunch article. This pays people and researchers to find vulnerabilities and loopholes in their system, to now go beyond in-house researchers and add third-party apps and websites from around the world. More specifically, they stated that they plan to reward any report that shows distinct vulnerabilities to their users' access tokens.
To explain that, when a user going on another app using Facebook login details, they can then decide what information that they are willing to provide and therefore, choose what app has access to what specific information is required.
The issue is, when the token gets compromised, this data from the user can be misused or even redirected into a different website altogether.
Moreover, the company stated that they will be paying a bare minimum of $500 per vulnerable website or app that is detected, assuming the report is valid. The company then stated that they had no information regarding other programs giving this kind of reward for any kind of vulnerability of this kind.
If they actually find an issue, however, Facebook will immediately work with the app or website in question to be able to fix the coding for better safety.
At the end of it all, this means that Facebook is trying their best to keep their respective users' security and personal information as safe as can be.