Facebook Bug Bounty

[Vaya]

http://www.facebook.com/whitehat/bounty/

To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs. Here's how it works:

Eligibility
To qualify for a bounty, you must:
Adhere to our Responsible Disclosure Policy:
... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
Be the first person to responsibly disclose the bug
Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF/XSRF)
Remote Code Injection
Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if qualifies.

Rewards
A typical bounty is $500 USD
We may increase the reward for specific bugs
Only 1 bounty per security bug will be awarded

Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
Security bugs in third-party websites that integrate with Facebook
Security bugs in Facebook's corporate infrastructure
Denial of Service Vulnerabilities
Spam or Social Engineering techniques

Sounds interesting.

[Avalanche]

Looks like they are preparing for Anon.

[Goseki]

$500 is moot. Seems more of a publicity stunt. If they really wanted someone to hack them they would offer closer to $5000. I doubt a major hacker would waste his time on that.

[CrimsonNuker]

Wait, you have to be from North Korea?

[*BlackFox]

Pretty cool idea... But "$500" seems pretty low for such a large site. Don't ya think?

[Majorharper]

Am I naive or are they too lazy to look for their own bugs so instead of paying a guy 50$ an hour to look for specific bugs, hey tell 100,000,000 people to look for bugs so that a person getting payed 10$ an hour can filter hundres of thousands of emails that people will write a bunch of stupid useless bullshit to try to get $500? *sigh* what a lazy community we live in...

[Vaya]

500$ is the minimum..

[omier]

Wait, you have to be from North Korea?

Do they even have Internet there?

[Toshiharu]

500$ is the minimum..

It says a -typical- bounty is $500. Reward is pathetic even if that number changed to x4 more.

[MrTwilliger]

I think the concept is that instead of having the "hacker communities" identify flaws and them simply do nothing productive to help facebook, it offers them a form of incentive to use their skills for a purpose. If I was a hacker, or whatever, and I spent my free time trolling around websites looking for flaws I would be thrilled to know that I could get $500 for doing what I normally do anyway. $500 is a lot more money than you think, imagine all the gummy bears you could buy with that!

[MrTwilliger]

I think the concept is that instead of having the "hacker communities" identify flaws and them simply do nothing productive to help facebook, it offers them a form of incentive to use their skills for a purpose. If I was a hacker, or whatever, and I spent my free time trolling around websites looking for flaws I would be thrilled to know that I could get $500 for doing what I normally do anyway. $500 is a lot more money than you think, imagine all the gummy bears you could buy with that!

[omier]

I think the concept is that instead of having the "hacker communities" identify flaws and them simply do nothing productive to help facebook, it offers them a form of incentive to use their skills for a purpose. If I was a hacker, or whatever, and I spent my free time trolling around websites looking for flaws I would be thrilled to know that I could get $500 for doing what I normally do anyway. $500 is a lot more money than you think, imagine all the gummy bears you could buy with that!

U could even buy loads of these:
.

[Toshiharu]

$500 is a lot more money than you think, imagine all the gummy bears you could buy with that!

Not when you can find a potential bug that could ruin facebook for day(s) and get paid $500 for it, leak information, etc etc. There's a reason why they hire people to try and hack their system. There's a reason why they hire people that hacked their system.

This is just a way to fix dangerous bugs against facebook while paying little to nothing.

[The Invisible]

$500 is a lot more money than you think, imagine all the gummy bears you could buy with that!

Not when you can find a potential bug that could ruin facebook for day(s) and get paid $500 for it, leak information, etc etc. There's a reason why they hire people to try and hack their system. There's a reason why they hire people that hacked their system.

This is just a way to fix dangerous bugs against facebook while paying little to nothing.

I guess they would pay thousands for such a bug depending on what ruin means.