
So there's this guy. Khalil Shreateh, of Palestine. He uncovered an ever-so-slightly significant bug in Facebook's security that would essentially allow anyone who discovered it to post messages to anyone's timeline, friend or not.
Imagine, just for a few seconds, what could be done with that kind of power. Now stop before you sicken yourself.
But did this guy sell off his discovery? Heaven knows he could have, and he would have probably made a mint.
No, Shreateh decided not to profit selfishly from his discovery. Instead, he reported it to Facebook.
And Facebook ignored him.
So, what's this guy to do? In his pocket he carries the digital equivalent of a superpower. He doesn't know who else knows about it yet. What would happen if someone decidedly greedier than Shreateh discovered this glitch? As it turns out, Shreateh didn't want to find out, thank goodness.
So, since the conventional method didn't work, he did the next thing he could think of to get Facebook's attention.
He utilized the bug he'd discovered and posted on Mark Zuckerberg's timeline.
And then, Facebook paid attention. Facebook even apologized for initially brushing Shreateh aside.
But they didn't reward him. Normally, people who report vulnerabilities to Facebook can be rewarded under the company's "Bug Bounty" program.
What do YOU think?
On the one hand, Shreateh didn't follow the rules. Facebook's Bug Bounty program makes it clear it will not reward people who actually exploit the bugs they discover. On the other, Facebook mistakenly brushed aside a security bug that, had it fallen into the wrong hands, could have been catastrophic for its business and people's privacy.
Personally, I think Facebook should throw this guy a bone. It's not his fault someone at Facebook was asleep at the wheel.