ISEB Software Testing Training





Hackers to Receive Debit Cards From Facebook

In the summer of 2011, Facebook set up its own bug bounty program to encourage more of its users to find, and help prevent, bugs or glitches within the social media site. With security paramount to the success of many companies, it is vital that social media companies are careful with the data their users have entered.

This is an intuitive method of software testing in which Facebook only have to pay out when users find bugs – much cheaper than hiring a whole software development team. Having access to a huge variety of software testers is also an advantage as they combine different skills and experiences to find bugs that others may miss.

Last year Sony revealed that 12700 credit card details were stolen by hackers, leading to the closure of its PSN online network for 23 days, to the dismay of millions of its users. The outage cost the massive technology firm dearly in reputation as well as in its wallet, as it had to give out compensation packs to lure its tired and agitated user base of over 77 million back in. This shows that even the biggest companies in the world can make oversights in testing and, as a result, be held hostage by hackers.

These flaws matter even more to the users, who willingly give their information to sites and then find it at risk of being exposed and stolen against their will. When that information includes bank details, many users will find it a deal breaker when deciding whether to use the service again in the future.

To find out more about what bugs are common in software take a look at our Top 10 Reasons for Bugs in Software post.

Facebook’s new method to prevent information leakage is to give a debit card to hackers who have found an exploit within the social network of over 800 million members.

The new White Hat debit cards are given to researchers who have found a security hole within Facebook. The recipients can use the card like any other debit card, and if they follow up their security flaw with further discoveries, Facebook will add more funds to the card.

The rewards vary depending on how critical the exploit is deemed to be, ranging from $500 to $5000. Since the bug bounty program was set up, Facebook has paid out 81 times, including several of the top rewards, indicating that potentially critical security flaws were rolled out without being flagged up in the testing stage of development.

The big question is whether or not these rewards are enough to persuade hackers to hand over the flaw without taking any data first, especially when they are far more likely to earn more money by selling the data on via the black market. So does $5000 sound like a reasonable amount for something that may cost a huge multinational company millions?

Some companies offer more than just immediate financial compensation to these ‘white hat’ hackers, with several offering them full-time positions to help improve system security and testing measures. A great example of a hacker gone pro is the high-profile case of George Hotz, the iPhone jailbreaker and PlayStation 3 modder, who was given a permanent role working on security issues at Facebook.

So are these efforts enough to convince the ‘black hat’ hackers to give up their old ways and go legit? Or should companies be more concerned about thorough testing before a product is launched?

Either way, there is no substitute for comprehensive testing to nip any potential flaws in the bud before it’s too late. This is why proper Software Testing Training should be essential for any software tester or researcher.
