The expanded bug bounty program by Meta will open up two new areas of research and will reward valid reports of scraping bugs and unprotected data sets.
The bug bounty program by Meta is designed with the objective of unearthing bugs used by cyber attackers to bypass scraping limitations to access data.
Furthermore, Meta will also reward reports of unprotected or openly public data sets containing at least 100,000 unique Facebook user records that include personally identifiable information such as email, phone number, physical address, religious, or political affiliation, which was not previously known or reported to Meta.
Once the reports are validated, Meta will attempt to remove the data set or resort to legal means to address the issue. The rewards will be in the form of charity donations to nonprofits of the researchers’ choosing.
To ensure a community of new and existing external researchers is sustained, Meta has also aligned more efforts. To create educational opportunities for these researchers Meta will be including sessions discussing practical techniques and approaches for discovering and reporting critical vulnerabilities, in the annual conference BountyCon.
Similarly, Meta will also host a conference in Madrid called BountyConEDU for students based out of Europe which aims to educate about bug bounties, bug hunting, and product testing for valid vulnerabilities.