Facebook will issue rewards based on the impact of each valid report. (REUTERS)
Facebook will issue rewards based on the impact of each valid report. (REUTERS)

Facebook expands bug bounty programme for third-party apps

  • Facebook will issue rewards based on the impact of each valid report and other factors indicated within its terms, with a minimum reward of $500
  • Last year, the social networking giant launched an industry-first bug bounty for third-party apps

San Francisco: Facebook has expanded its bug bounty programme for ethical hackers and security researchers to reward them for valid bug reports in third-party apps and websites that integrate with Facebook.

Last year, the social networking giant launched an industry-first bug bounty for third-party apps and websites to reward researchers who find vulnerabilities that involve improper exposure of Facebook user data.

"To be eligible, we ask that researchers comply with the third-party's vulnerability disclosure or bug bounty programme before submitting their findings to Facebook," the company said in a statement on Tuesday.

By committing to rewarding valid reports about bugs in third-party apps and websites that impact Facebook data, the company said it hopes to encourage the security community to engage with more app developers.

Facebook will issue rewards based on the impact of each valid report and other factors indicated within its terms, with a minimum reward of $500.

The bug bounty hunters will now be able to actively test third-party apps for security issues, as long as the third party authorises the researchers.

"This change significantly increases the scope of the security research that our bug bounty community can share with us and get rewarded for when they find potential vulnerabilities in these external apps and websites," said Facebook.

Third-party apps have been a major privacy concerns for Facebook, like Cambridge Analytica.


Close