For reporting a major vulnerability flaw in Facebook, a Cebu-based IT security professional has been rewarded $4,500 (about P195,000) under the social networking giant?s ?bug bounty program?.
PinoyHackNews site reported on Monday, Aug. 5, that Roy Castillo was given the monetary reward after the Danao, Cebu-based developer informed Facebook of a security hole that disclosed the private primary email address of a Facebook user without him or her doing any interaction.
?Last month, I found [a] vulnerability in Facebook Developer Application Roles Page which allow[ed] me to disclose the primary Facebook email address even if the victim set the email address privacy to ?Only Me?,? Castillo said in his blog, adding that the bug was immediately fixed by Facebook.
Facebook?s bug bounty program rewards security researchers who report issues to the social networking site. So far the initiative has paid out more than $1 million in bounties.
?329 people have received a bounty so far. Some are professional researchers; others are students or part-timers. The youngest bounty recipient to date is 13 years old,? the company said.
Apart from Facebook, Castillo said in his blog profile that he has been ?listed and acknowledged by Google, Apple, Twitter, eBay, Zynga, RedHat etc. for reporting security vulnerabilities.?
Castillo described himself as a programmer and Web developer, who is also interested in Web application security.