Facebook is doubling the rewards it will pay for security vulnerabilities related to code that runs its advertising system, the company said Wednesday. A comprehensive security audit of its ads code was recently completed, but Facebook “would like to encourage additional scrutiny from whitehats to see what we may have missed,” wrote Collin Greene, a security engineer, in a blog post. “Whitehats” refers to ethical security researchers, as opposed to “blackhats” who take advantage of vulnerabilities.
The holidays are coming up and that means shopping for presents. If you’re a whitehat hacker looking to earn some cash, Facebook might be able to help you out. Facebook announced today that it will double the cash given to hackers that find bugs in the social network’s ad code. To help steer the whitehats to what they should be looking for, Facebook posted the following: “At this stage of our bug bounty program, it’s uncommon for us to see many of the common web security bugs like XSS. What we see more often are things like missing or incorrect permissions checks, insufficient rate-limiting that can lead to scraping, edge-case CSRF issues , and problems with SWFs.”
