Meta is expanding its bug bounty program to find more vulnerabilities and create a backup plan to tackle them
Meta Platforms announces an enhancement in its existing bug bounty program. This enhancement introduces data scraping, making it the first bug bounty program that offers this functionality. In addition, the program will have further opportunities for researchers to educate themselves about bug bounty and data scraping.
The purpose of the bounty program
Meta, previously known as Facebook, will allow individuals to test bugs and vulnerabilities in the system. This will allow it to create counter strategies and contingency plans in an attack. The inclusion of data scraping is to check vulnerabilities in the scraping limitation. If an attacker can bypass these limitations, they have access to a larger volume of data. To protect sensitive data, meta invites researchers to find the vulnerabilities and present reports. Meta has agreed to reward individuals for these reports (if someone else has not reported them). Since its launch, Meta has paid $14 million in bounty and received over 150,000 reports.
It is also looking to attract researchers by offering educational material. The education material can help new and existing researchers understand certain software and hardware bug hunting topics.
BountyCon is the annual conference held by Meta, where top researchers host sessions to educate the guests on practical methodologies and techniques to identify and report critical vulnerabilities. Meta is deciding on hosting a new conference known as BountyConEdu in universities to help students learn more about the industry
It has taken a smart approach to test their system and, with the help of researchers, allowing them to cut costs of executing scraping themselves. Time will tell if this strategy succeeds when Meta is released to the open market.