The social media giant first started its bug bounty program for third-party apps last year. Now, it is extending the program to researchers who use penetration testing to spot vulnerabilities.
Until now, Facebook was handing out bounties to security researchers who could spot vulnerabilities in third-party apps and websites that integrate with its platform. The program will now reach more security researchers with this announcement.
By extending the bug bounty program, Facebook wants to not just enhance the security of the users on its platform but also improve the larger app developer ecosystem.
The company has changed the terms of service of its bug bounty program to reflect the changes. Researchers are now required to include proof of authorization by the third party before submitting reports to the program. The rewards for finding credible vulnerabilities start at $500.
Dan Gurfinkel, Facebook’s Security Engineering Manager, said: “By committing to rewarding valid reports about bugs in third-party apps and websites that impact Facebook data, we hope to encourage the security community to engage with more app developers. We also want to incentivize researchers to focus on apps, websites and bug bounty programs that otherwise may not get as much attention or may not have resources to incentivize the bug bounty community.”