The Inquirer-Home

Facebook adds Oculus VR bounties to bug hunter buffet

Minimum of $500 on offer
Thu Aug 21 2014, 10:26
Facebook paid $2bn for Oculus, now it is paying to keep it secure

SOCIAL NETWORK Facebook has added its recent acquisition Oculus VR to its bug hunting bonus payout offer.

Facebook only pays out to individuals, it said, and its lowest bounty amount is $500. The actual payout award depends on the circumstances and, one would expect, the potential impact of the vulnerability.

Facebook paid some $2bn for Oculus VR, it might be safe to assume that the social network values its security just as highly as its own.

Since it launched its bug bounty programme Facebook has paid out a number of awards, including one for a flaw that affected account login, which it awarded a $20,000 reward. The Verge reports that last year Facebook parted with some $1.5m.

When Facebook launched the payout system it was criticised by a Sophos blogger for being slow to the party and cheap with its rewards. "Facebook is the most recent company to come to the bug-bounty party, officially announcing recently that 'to show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs'," said Sophos' Paul Ducklin.

"There's been general approval of this step, though a few observers have claimed that Facebook's bounty is a bit on the cheap side."

Facebook's terms say that while bug finders will get only one reward per disclosure, it does not place any limit on the amount of each reward.

However, the firm is has been criticised for its payments so far, even when it paid out $20,000. Then bloggers reacted to the bounty with the suggestion that perhaps it was worth much more. "This issue is worthy [of a] million dollars," said one commenter.

We have asked Facebook to confirm that it has added Oculus VR to its white hat hackers posse programme. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?