Polish IT security portal Niebezpiecznik.pl recently published an image of a bug bounty card given to Szymon Gruszecki, a Polish security researcher and penetration tester. Neal Poole, a junior at Brown University, has reported close to a dozen flaws to Facebook and also recently received a White Hat card. Poole has also earned cash reporting flaws to Google and Mozilla.
Charlie Miller, named Best White Hat Hacker of the Year at The Hacker News Awards 2011, has also received a White Hat card. Miller is a researcher and former hacker turned information security consultant who now works with the Department of Defense (DOD) on cyber security, and he is better known for finding holes in iOS 5 and Safari than in Facebook. “Facebook whitehat card not as prestigious as the SVC card, but very cool 😉 Fun way to implement no more free bugs,” he tweeted.
Security researchers are getting a customized “White Hat Bug Bounty Program” Visa debit card. Researchers and hackers can make thousands of dollars for reporting just one security hole to Facebook. White Hat hackers can use the card to make purchases, just like a credit card, or create a PIN and take money out of an ATM.
Facebook wanted to do something special for the people who are helping it. “Researchers who find bugs and security improvements are rare, and we value them and have to find ways to reward them. Having this exclusive black card is another way to recognize them. They can show up at a conference and show this card and say ‘I did special work for Facebook,’” said Ryan McGeehan, manager of Facebook’s security response team.
Hackers can make $500 or more by following Facebook’s Responsible Disclosure Policy and not going public with the vulnerability information until the hole has been fixed. The most Facebook has paid out for one bug report is $5,000. Payments have been made to 81 researchers so far.