By Lucian Constanti
As a result of reports received through its bug bounty program Facebook confirmed and fixed 61 high-severity vulnerabilities last year, almost 50 percent more than in 2013.
Since 2011, the company has been paying monetary rewards to researchers who report flaws that could compromise the integrity or privacy of user data or could enable access to systems within its infrastructure.
While the minimum reward is US$500, there is no upper limit. The company decides how much to pay depending on a bug's severity and sophistication. The program doesn't cover only the facebook.com site and related services, but also other products that Facebook created or acquired, like Instagram, Parse, Onavo, Oculus, Moves and osquery.
full article