Master_Yoda All American 3626 Posts user info edit post |
Whats your take on bug bounty programs?
Im wondering if they are really worth it, as keep getting stories like this
http://www.bbc.co.uk/news/technology-23518627
Facebook effectively told him to fuck off, not once, but twice.
Black market next time for sure 8/19/2013 11:41:52 AM |
DeltaBeta All American 9417 Posts user info edit post |
Guy: Hey, you have a bug. Here are the details. FB: That's not a bug, fuck you, we're not paying. Guy: I just proved it's a bug. FB: You proved it by using it. Fuck you, we're not paying. 8/19/2013 12:10:59 PM |
darkone (\/) (;,,,;) (\/) 11611 Posts user info edit post |
The programs are as good as the people who administer them... just like most everything else. 8/19/2013 2:57:56 PM |
kiljadn All American 44690 Posts user info edit post |
honestly, did you expect anything different from Adbook(tm) ? 8/19/2013 11:09:06 PM |
JeffreyBSG All American 10165 Posts user info edit post |
well, the folks at Facebook are strapped for cash, obviously...you can't blame them for saving themselves a few bucks here.] 8/20/2013 1:16:28 AM |
CapnObvious All American 5057 Posts user info edit post |
Based on what I've read, it sounded like a language barrier issue that caused the problem. Based on the quote I saw (assuming it was a direct quote from his emails), it sounded like he was saying that he could post to another person's wall. I doubt that they would have ignored him if they realized what he was actually trying to say.
Also, in his first demonstration of the bug, he posted on the wall of Zuckerberg's friend (not a dummy account). So even in his first demonstration he violated the terms of getting the bug bounty. This is opposed to the media's portrayal of him only crossing the line once they ignored him. Makes a great story of David vs. Goliath, not so accurate, though.
That said, they should still probably give the guy a payout due to the severe nature of the bug, though non-disclosure would probably be involved. You don't want to encourage people hacking others' accounts to prove a point (as the rules were trying to enforce).
[Edited on August 20, 2013 at 12:17 PM. Reason : ] 8/20/2013 12:16:15 PM |
El Nachó special helper 16370 Posts user info edit post |
Looks like the guy is gonna get a lot more than $500 for his bug.
http://www.theverge.com/2013/8/21/4644550/crowdfunding-raises-11000-for-khalil-shreateh-after-facebook-flaw 8/21/2013 3:53:30 PM |