[TheRecord] Facebook will let bug hunters submit joint reports

Social media giant Facebook today updated its bug bounty program to allow security researchers to submit joint reports and split bug bounty payouts.

Facebook said it introduced the new feature, which it calls Researcher Collaboration Payouts, to allow researchers to work in groups and benefit from each other's skill sets in order to discover complex vulnerabilities in its platforms.

“To make collaboration among researchers easier, our program now supports splitting bounty payouts between multiple researchers on one submission,” the Facebook security team said today.

Facebook said it decided to roll out this feature on its primary bug bounty platform after it saw researchers collaborate with great results at its annual BountyCon events.

Instead of working alone, several researchers worked together and found “complex bug chains with higher security impact that individual researchers may not have noticed,” Facebook said today.

The feature was announced earlier today and is already live in the Facebook bug bounty portal.

The feature can be enabled from the “Collaboration Settings” section in the researcher’s account settings.

Once enabled, researchers will be able to add one or more collaborators. Each collaborator on a submission must allow each of the other collaborators within their Researcher Settings, Facebook said.

“Once this is done, an individual can act as the submitter and add up to five collaborators to a report submission. The submitter must nominate the percentage of the total reward to be issued to each collaborator if the report results in a bounty payout,” Facebook added.

The ability to submit joint bug reports isn’t new, and bug bounty platforms like HackerOne and Bugcrowd have similar features, John Jackson, a senior penetration tester at Trustwave, told The Record earlier today.

Last month, Facebook rolled out another interesting update to its bug bounty program, announcing that the company would pay extra for bugs that take its engineers longer to fix.

The post Facebook will let bug hunters submit joint reports appeared first on The Record by Recorded Future.
