According to Facebook’s chief security officer, Joe Sullivan, the social network has launched a “Bounty Bug Program” in order to discover any flaws in the system’s software due to “software complexity, programming errors, changes in requirements, errors in bug tracking, limited documentation or bugs in software development tools.”
Facebook posted the following explanation of the program:
Because bug reports are often complicated and can involve complex legal issues, we chose our words carefully when announcing the program. Perhaps because of this, there have been several inaccurate reports about how the program works. For example, some stories said that the maximum payment would be $500, when in fact that is the minimum amount we will pay. In fact, we’ve already paid a $5,000 bounty for one really good report. On the other end of the spectrum, we’ve had to deal with bogus reports from people who were just looking for publicity.
At the end of the day, we feel great knowing that we’ve launched another strong effort to help provide a secure experience on Facebook. A bug bounty program is a great way to engage with the security research community, and an even better way to improve security across a complex technological environment. Facebook truly does have the world’s best neighborhood watch program, and this program has proven that yet again for us.
Facebook has faced harsh scrutiny recently because of its use of facial recognition technology and the fact that phone numbers from members’ contact lists were viewable on the site.
Facebook first denied the presence of privacy issues on its site, but eventually caved in to users’ demands. Last week, the social network announced in a blog post entitled “Making it Easier to Share With Who You Want” that it would improve privacy:
Today we’re announcing a bunch of improvements that make it easier to share posts, photos, tags and other content with exactly the people you want. You have told us that “who can see this?” could be clearer across Facebook, so we have made changes to make this more visual and straightforward.
Plus there are several other updates here that will make it easier to understand who can see your stuff (or your friends’) in any context.
One of the changes made by Facebook’s administrators is a new inline menu that shows who can see certain parts of a member’s profile, a setting that can be changed with a single click. Facebook users may also confirm or reject photos or posts in which they have been tagged, and may even approve or reject the people who have attempted to tag them.
Likewise, the site has added a feature allowing members to view their profiles as others see them, so that they know exactly what is visible to other members. It has also added new controls that let users specify who may see each post, picture, and so on.
According to PC World, Facebook is not the only company that has hired hackers: Google and Mozilla have as well. The Blaze writes that Google has such confidence in its security that it offered hackers $20,000 to find any bugs.
Facebook notes that the program has been a success thus far. In a post about the new privacy efforts, the company said, “We know and have relationships with a large number of security experts, but this program has kicked off dialogue with a whole new and ever-expanding set of people across the globe in over 16 countries, from Turkey to Poland, who are passionate about Internet security.”
Facebook contends, however, that while it is interested in protecting the privacy of its users, it will not be able to extend its bug bounty program to all those Facebook applications written by third parties, as such an endeavor is “not practical.”