
Facebook pays $33,500 for RCE

ComputerTrophy

New Member
Their security team are very generous. For example, I was paid $2K for reporting a way to execute disclosure of supposedly 'deleted' items.
 

joepie91

New Member
The question is, is this enough? The goal of security bug bounties is to convince people to report bugs to them instead of somebody buying vulnerabilities... I'm not involved closely in the whole vulnerability selling "industry" so I wouldn't be able to tell for certain, but it seems to me that an RCE vulnerability would fetch quite a bit more than 33.5k on the "black market".

EDIT: Also, TheHackerNews is a horrible site.
 

SrsX

Banned
The question is, is this enough? The goal of security bug bounties is to convince people to report bugs to them instead of somebody buying vulnerabilities... I'm not involved closely in the whole vulnerability selling "industry" so I wouldn't be able to tell for certain, but it seems to me that an RCE vulnerability would fetch quite a bit more than 33.5k on the "black market".

EDIT: Also, TheHackerNews is a horrible site.
In regards to that, for what he got for it there, if he went to some site like darkode/exploit.in and put it for sale, I have a strong feeling he would have made double if not triple that, as 'hackers' would love to get their hands on a vulnerability, especially since it's Facebook that's affected.
 