Facebook's White Hat VISA Card
Written by Alex Armstrong   
Tuesday, 03 January 2012

Facebook launched its bug bounty program over six months ago but has gone a step further by handing out White Hat Visa debit cards to those who have uncovered security flaws.

Facebook isn't unique in paying White Hat hackers for investigating and reporting security bugs to them; Google and Mozilla Labs are also among the big web concerns that give cash rewards for revealing security flaws.

But by issuing a Visa Debit Card specifically to pay for the bug bounty it offers, Facebook has devised a novel reward that lends itself to one-upmanship, as Ryan McGeehan, manager of Facebook's security response team, explained to CNET:

"Researchers who find bugs and security improvements are rare, and we value them and have to find ways to reward them. Having this exclusive black card is another way to recognize them. They can show up at a conference and show this card and say 'I did special work for Facebook.'"


According to Facebook's Security Bug Bounty page, $500 is a typical bounty, with more for some specific types of bug. A bug will only be paid for once, to the first person to report it. To be eligible for the bounty you have to adhere to Facebook's Responsible Disclosure Policy, which is spelled out on its Information for Security Researchers page along with a list of those who have already successfully reported bugs.

The White Hat card works like any VISA debit in that you can withdraw cash from an ATM or use it to pay for purchases - the difference is that it is Facebook that puts money into your account as a reward for bug hunting services.

While the White Hat VISA certainly has cachet, it isn't entirely practical. One of the first to be issued was to Polish security researcher Szymon Gurszecki. As reported by Brian Krebs, Gurszecki decided that, cool as the White Hat card is, he wanted Facebook to send his earnings another way, saying that using the card incurred too many fees in his country.

Even a US White Hat, Neil Poole, who has reported over a dozen flaws to Facebook and does use his card to transfer cash to his bank account, would be wary about using it in public, telling Krebs:

"I don't think I'd want to use the card like that at Black Hat or DefCon. It'd probably get cloned."

 



Last Updated ( Tuesday, 03 January 2012 )
 
 

   
Copyright © 2018 i-programmer.info. All Rights Reserved.