Fair enough. Further, you have to be the first to report a given bug, and the flaw you report must be one that affects private user data. Facebook’s Security Bug Bounty page gives cross-site scripting, cross-site request forgery, and remote code injection as specific examples of bounty-worthy fare.
If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.
Unfortunately for many Facebook users, there will be no bounty for flaws exposed in the legions of third-party Facebook applications, nor any Websites that simply link to Facebook. Thus, your finger must still waver hesitantly over the mouse button every time you’re about to grant a third-party access to your account.
|HotHardware and CyberPower PC Spring...||121|
|Video Demo Pits 2012 Watch Dogs On PC...||19|
|The NSA Cites Anyone Using Encryption To...||16|
|Microsoft Confirms DirectX 12 Lives,...||15|
|Windows XP Slated To Be Mothballed April...||12|
|$179 ASUS Chromebox Up For Preorder||12|
|Panasonic's 20-inch Toughpad 4K Tablet...||10|