Hackerone : A bug bounty program by Facebook and Microsoft

December 2016



Microsoft and Facebook have launched a new bug bounty program to the attention of security experts. For each "massive and critical" flaw identified on various web products and languages, they will receive a reward ranging from several hundred to several thousand dollars.

This new "bounty program" is primarily aimed at computer security experts who can highlight vulnerabilities that may impend on the development of web tools and applications.

It comes with several conditions:
  • A critical flaw involving a large number of users,
  • A bug affecting several editors,
  • A bug affecting a publisher with a dominant position.


The reward threshold varies depending on the size and type of flaw detected.

Facebook and Microsoft challenge the "white hat hackers" to find flaws affecting programs, languages, security mechanisms and tools: Sandbox, OpenSSL, Python, Ruby, PHP, Rails, Perl , Phabricator, Nginx , or Apache httpd.

Note that: security experts outside the United States are allowed to participate in Hackerone ( with the exception of some countries) and must register via this online form.
Learn more: https://hackerone.com/ibb
Illustration Microsoft/Facebook - Hackerone
Original document published on CommentcaMarche.net.

Related :

This document entitled « Hackerone : A bug bounty program by Facebook and Microsoft » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.