By David Ponce

Following in the footsteps of Google and Mozilla, Facebook launched a program called the “White Hat Bug Bounty Program” last July. The idea was to encourage hackers in the wild to find security holes in Facebook’s code and report them to the company for a reward. This reward takes the shape of the credit card you see above. As long as the vulnerability is disclosed to Facebook under its Responsible Disclosure Policy and the hacker does not go public with the vulnerability information until the hole has been fixed, they are promised a reward of at least $500. There is no set maximum, though the highest amount paid so far is $5,000.

Possessing this card has become something of a status symbol, as only 81 of them have been doled out so far.

Ryan McGeehan, manager of Facebook’s security response team, told CNET in a recent interview: “Having this exclusive black card is another way to recognize them. They can show up at a conference and show this card and say ‘I did special work for Facebook.’”

As anyone who’s ever come across a hardcore hacker surely knows, it is respect and appreciation, almost as much as money, that can drive them. A token such as this is a smart move. Too bad the program was unable to prevent Zuckerberg’s personal photos from leaking into the wild.

1 COMMENT

  1. If it’s confirmed that companies will pay for protection from black hats, then blacks and greys might start using vulnerabilities to increase the risk to companies, causing them to pay out more. I don’t think that is a good argument because it would probably have a greater effect if there wasn’t any reward to begin with, but it’s the only reason I can think of that offering rewards would increase black hat activity.
