[ISN] ‘Bounty Hunter’ Earns Record Payout, and Job, from Facebook

http://blogs.wsj.com/digits/2014/04/03/bounty-hunter-earns-record-payout-from-facebook/ By REED ALBERGOTTI Digits The Wall Street Journal April 3, 2014 Reginaldo Silva was poring over computer code in November when the one-time software engineer found what he thought was a security loophole on Facebook’s servers. The discovery led to the largest “bug bounty” ever paid by the company, and a job for Silva as an engineer at Facebook. Silva earned $33,500 for notifying Facebook of the flaw, which he said could have allowed a hacker to enter Facebook’s servers and execute code. In a worst-case scenario, the breach could have allowed the hacker to access Facebook accounts or even spread a computer virus to members. A Facebook spokesman said any manipulation of its servers would have been quickly identified and stopped by the company. Facebook employs hundreds of engineers who ferret out loopholes and bugs, but like many companies offers rewards to “white hat” hackers who find undetected chinks in the digital armor. “They’ve found things we wouldn’t have found,” says Alex Rice, head of product security at Facebook. “The bounty program has by far been the best tool we have for identifying bugs that make it out into the wild.” […]