Facebook Takes Blame In Bug Report
Facebook has spent more than $1 million on a bug bounty program that compensates researchers who report issues. One such researcher, Khalil Shreateh, demonstrated a bug that allowed any user to post on another user's Facebook wall even when the two were not friends. After Facebook dismissed the report, Shreateh upped the ante: he posted on CEO Mark Zuckerberg's wall.
He gained the social network's attention. Joe Sullivan, Facebook's chief security officer, wrote in a blog post that the company was "too hasty and dismissive" in Shreateh's case. However, Sullivan said that Shreateh still wouldn't be compensated for his report.
"We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users," he wrote. "It is never acceptable to compromise the security or privacy of other people."