User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » bug bounty programs Page [1]  
Master_Yoda
All American
3626 Posts
user info
edit post

Whats your take on bug bounty programs?

Im wondering if they are really worth it, as keep getting stories like this

http://www.bbc.co.uk/news/technology-23518627

Facebook effectively told him to fuck off, not once, but twice.

Black market next time for sure

8/19/2013 11:41:52 AM

DeltaBeta
All American
9417 Posts
user info
edit post

Guy: Hey, you have a bug. Here are the details.
FB: That's not a bug, fuck you, we're not paying.
Guy: I just proved it's a bug.
FB: You proved it by using it. Fuck you, we're not paying.

8/19/2013 12:10:59 PM

darkone
(\/) (;,,,;) (\/)
11610 Posts
user info
edit post

The programs are as good as the people who administer them... just like most everything else.

8/19/2013 2:57:56 PM

kiljadn
All American
44690 Posts
user info
edit post

honestly, did you expect anything different from Adbook(tm) ?

8/19/2013 11:09:06 PM

JeffreyBSG
All American
10165 Posts
user info
edit post

well, the folks at Facebook are strapped for cash, obviously...you can't blame them for saving themselves a few bucks here.

8/20/2013 1:16:28 AM

CapnObvious
All American
5057 Posts
user info
edit post

Based on what I've read, it sounded like a language barrier issue that caused the problem. Based on the quote I saw (assuming it was a direct quote from his emails), it sounded like he was saying that he could post to another person's wall. I doubt that they would have ignored him if they realized what he was actually trying to say.

Also, in his first demonstration of the bug, he posted on the wall of Zuckerberg's friend (not a dummy account). So even in his first demonstration he violated the terms of getting the bug bounty. This is opposed to the media's portrayal of him only crossing the line once they ignored him. Makes a great story of David vs. Goliath, not so accurate, though.

That said, they should still probably give the guy a payout due to the severe nature of the bug, though non-disclosure would probably be involved. You don't want to encourage people hacking others' accounts to prove a point (as the rules were trying to enforce).

[Edited on August 20, 2013 at 12:17 PM. Reason : ]

8/20/2013 12:16:15 PM

El Nachó
special helper
16370 Posts
user info
edit post

Looks like the guy is gonna get a lot more than $500 for his bug.

http://www.theverge.com/2013/8/21/4644550/crowdfunding-raises-11000-for-khalil-shreateh-after-facebook-flaw

8/21/2013 3:53:30 PM

 Message Boards » Tech Talk » bug bounty programs Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.