Finally, someone has realized that there is no such thing as a bad investment in IT security. Finally, some positive news from Facebook’s kitchen after the troubling series of events associated with the privacy controversies. This is what we need: a little bit of both to improve our IT security.
We need contests with prizes and bug bounty programs with awards. Facebook has generously awarded two German researchers $50K for their paper “Static Detection of Second-Order Vulnerabilities in Web Applications.” The great thing about this news is that Facebook is willing to go to the next level.
The logic here is quite simple. If we can detect these extremely important vulnerabilities, the next thing to do is to find a way to eliminate them successfully. Facebook is looking forward to seeing some additional research in this field. It will also invest some money in it.
It goes without saying that it is better to invest time and money in these kinds of IT security researchers than to spy on your own users, including all kinds of secret experiments that threaten our privacy. Our hats off to Facebook for this one. We sure hope this is only the beginning.