Facebook doubled the bounties for security vulnerabilities discovered in the code behind its advertising system, according to PC World. Researchers who find bugs in the ads code will now be paid at least $1,000, up from $500 until now.
Typical vulnerabilities include wrong permission checks, insufficient rate-limiting, edge-case CSRF issues, and Flash problems in the ads code. The social network announced it just finished a “comprehensive” security audit in this area.
“We found and fixed a number of security bugs but would like to encourage additional scrutiny from Whitehats to see what we might have missed,” Facebook security engineer Collin Greene wrote in a blog post.
“Also, since the vast majority of bug reports we work on with the Whitehat community are focused on the more common parts of Facebook code, we hope to encourage researchers to become more familiar with the surface area of ads to better protect the businesses that use them.”
The security engineer also shared several tips for successfully finding bugs in ads code and mentioned some past ad bugs they managed to fix:
Besides APIs or analytics, Facebook encourages whitehats to discover ad bugs in “everything else.”
“There is a lot of backend code to correctly target, deliver, bill and measure ads,” Greene said. “This code isn’t directly reachable via the website, but of the small number of issues that have been found in these areas, they are relatively high impact.”
Since the debut of Facebook's bug bounty program in 2011, whitehats have earned over $3 million for discovering new vulnerabilities. A year ago, Yahoo! made headlines after dumping T-shirt bounties for money rewards. The news came after several Swiss security researchers publicly shamed the tech giant for offering branded clothing instead of actual money. Yahoo! announced it will replace T-shirt rewards with bounties up to $15,000 for “new, unique and/or high risk” bugs.
For more information about Facebook's bug bounty program, “hunters” can also read this recent guide.
Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story.