
Facebook Announces Time Bonus Payouts For Bug Hunters (nbcnews.com) 9

Facebook is adding a new perk to its bug bounty program that will pay bonus rewards to researchers based on the time it takes the social network to fix a vulnerability after it's found and reported by bug hunters. ZDNet reports: Essentially, Facebook is acknowledging that it's sometimes slow to reach a bounty decision and is using this bonus payment to encourage patience among the researchers in its bug bounty community. The Payout Time Bonus will reward reports that are paid more than 30 days from the time Facebook receives all the necessary information for a successful reproduction of the report and its impact, Facebook said. The bonuses will be paid on a sliding scale, with payouts made between 30-59 days receiving a 5% bonus; payouts made between 60-89 days receiving a 7.5% bonus; and payouts made after 90 days or more receiving a 10% bonus. Reports that require clarification from the researcher will have the payments adjusted accordingly.

  • by gurps_npc ( 621217 ) on Tuesday July 13, 2021 @10:39PM (#61580289) Homepage

    Did Facebook just encourage people to obfuscate their reports using the most technical, jargon-laden bug reports possible?

    Seems like they should penalize the people paying/confirming the bug reports, rather than pay what is in effect a late penalty to the bug hunters.

    • by aitikin ( 909209 )

      I mean, it's better than them just completely ignoring the fact that they seem to suck at solving bugs that are reported, right?

      But if you go to Facebook expecting true security, I apologize...

    • Maybe we should get someone in on this discussion. Is bug confirmation basically a copy and paste then a compile and see if all hell breaks loose? I'm sure we all can get behind that even if July 4th is behind us.

    • by tlhIngan ( 30335 )

      Did Facebook just encourage people to obfuscate their reports using the most technical, jargon-laden bug reports possible?

      Seems like they should penalize the people paying/confirming the bug reports, rather than pay what is in effect a late penalty to the bug hunters.

      Nope, they tip the scales in their favor - the clock starts when Facebook receives enough information to reproduce the bug internally.

      So Facebook will always cheat - you can present the information in a clear way with a simple test case show

  • OK Facebook where's my money? [shopify.com]

  • a really bad attempt at hush money. If you are going to try and bribe researchers into silence, at least make it worth their while.
  • Pretty obvious that the spamming scammers have figured out some new way to originate lots of spam from Facebook's servers. I see that as a major bug in Facebook's security, but I'm pretty confident that Facebook doesn't think so, and I hate Facebook too much to visit and search to find out.

    But if someone thinks it should be covered, I'm willing to pass along the data and wish you the best luck in getting some money for it. Though I'm pretty sure it should be regarded as public data for anyone who has been f
