Whats your take on bug bounty programs?Im wondering if they are really worth it, as keep getting stories like thishttp://www.bbc.co.uk/news/technology-23518627Facebook effectively told him to fuck off, not once, but twice. Black market next time for sure
8/19/2013 11:41:52 AM
Guy: Hey, you have a bug. Here are the details.FB: That's not a bug, fuck you, we're not paying.Guy: I just proved it's a bug.FB: You proved it by using it. Fuck you, we're not paying.
8/19/2013 12:10:59 PM
The programs are as good as the people who administer them... just like most everything else.
8/19/2013 2:57:56 PM
honestly, did you expect anything different from Adbook(tm) ?
8/19/2013 11:09:06 PM
well, the folks at Facebook are strapped for cash, obviously...you can't blame them for saving themselves a few bucks here.]
8/20/2013 1:16:28 AM
Based on what I've read, it sounded like a language barrier issue that caused the problem. Based on the quote I saw (assuming it was a direct quote from his emails), it sounded like he was saying that he could post to another person's wall. I doubt that they would have ignored him if they realized what he was actually trying to say.Also, in his first demonstration of the bug, he posted on the wall of Zuckerberg's friend (not a dummy account). So even in his first demonstration he violated the terms of getting the bug bounty. This is opposed to the media's portrayal of him only crossing the line once they ignored him. Makes a great story of David vs. Goliath, not so accurate, though.That said, they should still probably give the guy a payout due to the severe nature of the bug, though non-disclosure would probably be involved. You don't want to encourage people hacking others' accounts to prove a point (as the rules were trying to enforce).[Edited on August 20, 2013 at 12:17 PM. Reason : ]
8/20/2013 12:16:15 PM
Looks like the guy is gonna get a lot more than $500 for his bug.http://www.theverge.com/2013/8/21/4644550/crowdfunding-raises-11000-for-khalil-shreateh-after-facebook-flaw
8/21/2013 3:53:30 PM