Facebook is the latest company to offer monetary rewards to users who identify bugs native to its social network site. At $500 a pop, the rewards are dwarfed by those offered by Google and Microsoft, as noted by PC Mag.
“To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs,” Facebook said in its blog post.
“Our security team will assess each bug to determine if it qualifies.”
Facebook’s $500 reward might seem like a catch, but compared to the $3000+ offered by Google and Mozilla, it seems like cyber security enthusiasts are getting shortchanged. Microsoft has even gone so far as to offer US$250,000 to anyone who can offer information on a virus culprit who masquerades in the Windows theme.
Despite the relatively little dough, a security researcher cited in Computerworld believes the real reward is in breaking into the tight-knit security community.
“The dollar amounts may be smaller than other markets for security research, but bounty programs lead to a better relationship with the security community and improve the security of the service much faster than a similar resource spend in a traditional security audit,” said HD Moore, chief security officer of Rapid7.
To be eligible for the reward, the identified bug has to be part of Facebook’s core and not from an application like FarmVille. There are also a couple of other terms listed on the company’s “Security Bug Bounty” page.
It’s not uncommon for big internet and computing players to reach out to computer enthusiasts and even hackers for a helping hand, with many recruiting them to help run their shop. Recently, hacker GeoHotz, who gained notoriety by hacking into Sony’s PlayStation network, was recruited by Facebook.