Fluper is not Only an Idea But a Dream to Meet Business Needs
Mrs. Akansha Pandey CSO-(Chief Sales Officer)
- 16+
Yrs. Experience
- 375+
Certified Developers
- 30+
Countries Served
- 1000+
Startups, SMEs
Facebook has introduced a policy update that will see third party developers contact the company if it detects a flaw in its code.
In a blog post announcing the move, Facebook said it “will sometimes find” critical bugs and vulnerabilities in the code and systems of third parties. “If that happens, our goal is to see these problems resolved quickly while ensuring that the affected people are notified so they can protect themselves by installing a patch or upgrading their systems.”
Facebook previously disclosed vulnerabilities to third-party developers, but the policy change officially codifies the company’s commitment to disclose and expose security vulnerabilities.
Ability disclosure programs, or VDPs, allow businesses to set the commitment rules for identifying and reporting security bugs. Also, VDPs support direct vulnerability disclosure and release once a bug is patched. Companies also use a bug bounty to compensate hackers who meet the reporting and disclosure requirements for the company.
Changing the policy isn’t altruistic. As with several other technology firms, Facebook depends on a lot of third-party code and open-source libraries. But it also puts third-party developers on alert by putting the update in writing if they don’t patch bugs promptly.
Casey Ellis, founder, and chief technical officer at the vulnerability disclosure platform Bugcrowd, said the policy change is becoming increasingly common for businesses with a “big, user-centric, third-party attack surface,” and parallels similar initiatives by Atlassian, Google, and Microsoft.
Facebook said it would send third-party developers 21 days to react when it detects a vulnerability, and 90 days to address the problems, a generally agreed timeline for detecting and remedying security issues.
The organization says it would make fair efforts to find the correct way to report a flaw, including but not limited to emailing security monitoring emails, filing bugs in bug trackers with no sensitive information, or filing support tickets. But the company said that it reserves the right to report earlier if hackers are actively exploiting the vulnerability, or delay its disclosure if it is decided that more time is required to address a problem.
Also read: Avo raises $3 million for its platform for analytical management
Generally speaking, Facebook said it would not sign a non-disclosure agreement (NDA) related to the security concerns it addresses. Luta Security creator Katie Moussouris told that “the Devil will be in the details.” “The test will be the first time they need to pull the trigger and drop a zero-day — with mitigation guidance — onto a rival,” she said, referring to unpatched vulnerabilities where businesses have zero days to fix.
The new policy explicitly focuses on how Facebook manages the disclosure of third party code issues. If researchers find vulnerability on Facebook or within their app family, they will continue to report the vulnerability through the current Bug Bounty Program.
Author
Akansha Pandey, Director of Sales at Fluper, is a leader in technology sales with a decade of experience. Known for her strategic approach, she excels in driving business growth and forging strong client relationships. Akansha's expertise lies in consultative selling, team leadership, and exceeding revenue targets. Passionate about mentoring, she enjoys sharing insights with aspiring sales professionals.
Fluper Different?
We’ve been lucky to collaborate and deliver transformation
with a long list of overseas clients.
Free Marketing
2.5 Year Post Launch Assistance
Money Back Guarantee
Real-Time tracking & Support
Schedule CallC- 142, Sector 63 Rd, C Block, Sector 63, Noida, Uttar Pradesh 201301
IND: +91-959-955-1432
Global +91-9599551432
104 Yes Business Tower, Al Barsha 1 Dubai
UAE: +971-54-700-4175
Global +971-54-700-4175
Building 1913 2nd Floor, Manama, Bahrain
Bahrain: +973-3222-0548
Global +973-3222-0548
Level 23, Collins Square Tower Five, 727 Collins Street Postcode VIC 3008 Melbourne Oceania Australia
Australia: +61-29-1919-752
Global +61-29-1919-752
120 High Road, East Finchley London, N29ED, Uk
UK: +44-208-089-4432
Global +44-208-089-4432
Laneoffice Suite Sarasota florida US.
USA: +1-917-732-2131
Global +1-917-732-2131