[TheRecord] Facebook will let bug hunters submit joint reports

Social media giant Facebook updated its bug bounty program today to allow security researchers to submit joint reports and split bug bounty payouts.

Facebook said it introduced the new feature, which it calls Researcher Collaboration Payouts, to allow researchers to work in groups and benefit from each other's skill sets in order to discover complex vulnerabilities in its platforms.

“To make collaboration among researchers easier, our program now supports splitting bounty payouts between multiple researchers on one submission,” the Facebook security team said today.

Facebook said it decided to roll out this feature on its primary bug bounty platform after it saw researchers collaborate with great results at its annual BountyCon events.

Instead of working alone, several researchers worked together and found “complex bug chains with higher security impact that individual researchers may not have noticed,” Facebook said today.

The feature was announced earlier today and is already live in the Facebook bug bounty portal.

The feature can be enabled from the “Collaboration Settings” section in the researcher’s account settings.

Once enabled, researchers will be able to add one or more collaborators. Each collaborator on a submission must allow each of the other collaborators within their Researcher Settings, Facebook said.

“Once this is done, an individual can act as the submitter and add up to five collaborators to a report submission. The submitter must nominate the percentage of the total reward to be issued to each collaborator if the report results in a bounty payout,” Facebook added.

The ability to submit joint bug reports isn’t new, and bug bounty platforms like HackerOne and Bugcrowd have similar features, John Jackson, a senior penetration tester at Trustwave, told The Record earlier today.

Last month, Facebook rolled out another interesting update to its bug bounty program, announcing that the company would pay extra for bugs that take its engineers longer to fix.

The post Facebook will let bug hunters submit joint reports appeared first on The Record by Recorded Future.
