http://blogs.wsj.com/digits/2014/04/03/bounty-hunter-earns-record-payout-from-facebook/

By REED ALBERGOTTI
Digits
The Wall Street Journal
April 3, 2014

Reginaldo Silva was poring over computer code in November when the
one-time software engineer found what he thought was a security loophole
on Facebook's servers. The discovery led to the largest "bug bounty" ever
paid by the company, and a job for Silva as an engineer at Facebook.

Silva earned $33,500 for notifying Facebook of the flaw, which he said
could have allowed a hacker to enter Facebook's servers and execute code.
In a worst-case scenario, the breach could have allowed the hacker to
access Facebook accounts or even spread a computer virus to members. A
Facebook spokesman said any manipulation of its servers would have been
quickly identified and stopped by the company.

Facebook employs hundreds of engineers who ferret out loopholes and bugs,
but like many companies offers rewards to "white hat" hackers who find
undetected chinks in the digital armor.

"They've found things we wouldn't have found," says Alex Rice, head of
product security at Facebook. "The bounty program has by far been the best
tool we have for identifying bugs that make it out into the wild."

[...]