Facebook to Expand Bug Bounty Program

Now the project involves third-party websites and applications
19 September 2018

Facebook has announced the expansion of its reward program for finding errors associated with fraudulent access tokens.

When a user authorizes an application via Facebook, the user receives a unique access token. In the hands of an attacker, such a token can be used within the permissions set by its owner.

Now the project involves third-party sites and applications, namely:

  • Instagram;
  • Internet.org / Free Basics;
  • Oculus;
  • Onavo;
  • Open Source platform (based on Facebook);
  • WhatsApp.

Facebook's developers updated the terms of service to include the main criteria for filing a report about an error. The main one is that the report must contain clear proof demonstrating how the tokens can be obtained. A report can be filed by contacting Facebook security.

The Facebook team is ready to pay $500 for a vulnerability found in an application or on a site, provided the report is compiled correctly. Reports will be accepted only if the user found the error through passive viewing of information and did not use it in any way for their own purposes.

The company also established a list of problems to which this program does not apply:

  • spam and social engineering techniques;
  • denial of service attacks;
  • content injection if the risk is not proven;
  • security vulnerabilities in third-party applications and on third-party sites integrated with Facebook (including most of the pages on apps.facebook.com);
  • execution of scripts on sandbox domains (for example, fbrell.com or fbsbx.com).

To improve security and the speed of fixing problems, Facebook's developers have created a tool called SapFix, which automatically generates and implements patches. The tool is based on artificial intelligence, which independently finds errors in the design and offers correction options.

Tiobe February 2019 Index Released

Groovy language is in the top 20 again; its popularity increased due to Gradle; Java is 1st
11 February 2019

In February, search engine statistics showed that the dynamically typed Groovy language is gaining popularity again. As TIOBE analysts noted, it was already in the top twenty of the TIOBE index in 2016, on a wave of interest in the Jenkins continuous integration system. Now it is being pushed forward by the Gradle build automation system.

TIOBE February 2019 Index

The analysts also noted that the Hack language entered the top 50 this month, while TypeScript left it (in their opinion, temporarily). Since February last year, Python and C++ have swapped places, and Java and C again top the list.