Hackerone : A bug bounty program by Facebook and Microsoft

October 2017



Microsoft and Facebook have launched a new bug bounty program to the attention of security experts. For each "massive and critical" flaw identified on various web products and languages, they will receive a reward ranging from several hundred to several thousand dollars.

This new "bounty program" is primarily aimed at computer security experts who can highlight vulnerabilities that may impend on the development of web tools and applications.

It comes with several conditions:
  • A critical flaw involving a large number of users,
  • A bug affecting several editors,
  • A bug affecting a publisher with a dominant position.


The reward threshold varies depending on the size and type of flaw detected.

Facebook and Microsoft challenge the "white hat hackers" to find flaws affecting programs, languages, security mechanisms and tools: Sandbox, OpenSSL, Python, Ruby, PHP, Rails, Perl , Phabricator, Nginx , or Apache httpd.

Note that: security experts outside the United States are allowed to participate in Hackerone ( with the exception of some countries) and must register via this online form.
Learn more: https://hackerone.com/ibb
Illustration Microsoft/Facebook - Hackerone
Original document published on CommentcaMarche.net.
Published by deri58. Latest update on November 8, 2013 at 10:26 AM by deri58.
This document, titled "Hackerone : A bug bounty program by Facebook and Microsoft," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).