Following a series of security mishaps and data abuse through its social media platform, Facebook today expanding its bug bounty program in a very unique way to beef up the security of third-party apps and websites that integrate with its platform.
Last year, Facebook launched “Data Abuse Bounty” program to reward anyone who reports valid events of 3rd-party apps collecting Facebook users’ data and passing it off to malicious parties, violating Facebook’s revamped data policies.
Apparently, it turns out that most of the time, Facebook users’ data that had been misused was exposed in the first place as the result of a vulnerability or security weakness in third-party apps or services.
The Facebook ecosystem contains millions of third-party apps, and unfortunately, very few of them have a vulnerability disclosure program or offer bug bounty rewards to white-hat hackers for responsibly reporting bugs in their codebase.
Because of this communication gap between researchers and the affected app developers, Facebook’s security programs for 3rd-party apps and websites were, until now, just limited to “passively observing the vulnerabilities.”
Though Facebook already once expanded its…
http://feedproxy.google.com/~r/TheHackersNews/~3/Wq6aIe1M6Yk/facebook-apps-bug-bounty.html