Information Security News mailing list archives

'Bounty Hunter' Earns Record Payout, and Job, from Facebook


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 4 Apr 2014 08:36:36 +0000 (UTC)

http://blogs.wsj.com/digits/2014/04/03/bounty-hunter-earns-record-payout-from-facebook/

By REED ALBERGOTTI
Digits
The Wall Street Journal
April 3, 2014

Reginaldo Silva was poring over computer code in November when the one-time software engineer found what he thought was a security loophole on Facebook's servers. The discovery led to the largest "bug bounty" ever paid by the company, and a job for Silva as an engineer at Facebook.

Silva earned $33,500 for notifying Facebook of the flaw, which he said could have allowed a hacker to enter Facebook's servers and execute code. In a worst-case scenario, the breach could have allowed the hacker to access Facebook accounts or even spread a computer virus to members. A Facebook spokesman said any manipulation of its servers would have been quickly identified and stopped by the company.

Facebook employs hundreds of engineers who ferret out loopholes and bugs, but like many companies offers rewards to "white hat" hackers who find undetected chinks in the digital armor.

"They've found things we wouldn't have found," says Alex Rice, head of product security at Facebook. "The bounty program has by far been the best tool we have for identifying bugs that make it out into the wild."

[...]


