Facebook expands bug bounty program to include third-party apps and websites

Facebook announced this morning it’s expanding its bug bounty program – which pays researchers who find security vulnerabilities within its platform – to now include issues found in third-party apps and websites. Specifically, Facebook says it will reward valid reports of vulnerabilities that relate to the improper exposure of Facebook user access tokens.

Typically, when a user logs into another app using their Facebook account information, they’re able to decide what information the token and, therefore, the app can access and what actions it can take.

But if the token becomes compromised, users’ personal information could be misused.

Facebook says it will pay a minimum reward of $500 per vulnerable app or website, if the report is valid. The company also noted it wasn’t aware of any other programs offering rewards of this scope for all eligible third-party apps.

If a vulnerability is determined to be legit, Facebook will then work with the affected app developer or website operator to fix their code. Any apps that don’t comply with Facebook’s request to address the issue will be suspended from the platform until the problem has been solved and the app has undergone a security review.

In addition, Facebook says it will revoke all the access tokens that could have been compromised in order to prevent potential misuse. If it believes anyone has actually been impacted by the problem, it will notify them, if need be.

The company spells out what sort of information researchers (the white hat hackers) should include in their reports in order to receive the reward. It also says it’s only accepting reports where the bug is discovered by passively viewing data sent to and from a device and the affected app or website – not through any manipulation on the researchers’ part.

The news comes at a time when Facebook is still dealing with the fallout from the Cambridge Analytica scandal, which compromised the personal data from as many as 87 million Facebook users. This was followed by news this summer that a quiz app had been leaking data on 120 million users for years.

Since then, the company has been tightening its API platform, reviewing all apps, suspending hundreds of apps deemed suspicious, rolling out tools to help people better manage their apps, and more.

As a part of those changes, Facebook said earlier this year that its bug bounty program would be expanded.

Separately from this new program, the company now also runs a Data Abuse Bounty program which rewards first-hand knowledge of third parties that collect user data in order to pass it off to malicious parties.

“We would like to emphasize that our bug bounty program does not replace the obligations on app developers to maintain appropriate technical and organizational measures to protect personal data — either regulatory obligations (for example, if the app developer is a data controller for the purposes of GDPR) or the rigorous controls we require through our terms of service and policies that apply to all developers on the Facebook platform,” wrote Dan Gurfinkel, Facebook Security Engineering Manager, in an announcement.

More details on the program are here.



✍ Source : ☕ Social – TechCrunch
