Facebook revealed a few days back that it has decided to double the rewards being given to developers who find bugs in the social network’s ads code. The SNS ran a comprehensive security audit on that code, following which it decided to increase the rewards, but for a limited time only.
According to a blog post on the company’s official page, the double bounties will be provided to developers through the end of 2014. As mentioned above, Facebook carried out a security audit on its ads code and even squashed a lot of bugs in the process.
But that doesn’t mean the ads code is free from inconsistencies. If there’s one thing we’ve learned, it’s that bugs can still prevail even after numerous fixes, and that’s mainly why the bounty has been doubled. It’s basically to encourage developers to scrub the code clean and report any issues Facebook may have overlooked in its audit.
The blog post lists a sample of whitehat bugs which have already been fixed, and it further notes that developers aren’t likely to find common web security bugs like XSS in the code. Instead, they should look out for missing or incorrect permissions checks, problems with SWFs, insufficient rate-limiting and other issues.
On an ending note, the SNS notes that using a whitehat test account is a viable way of reporting issues. For tips on successfully finding bugs in the ads code and a lot of other information, be sure to check out the full Facebook blog post.