September 6, 2020

Facebook warns third-party developers against unreliable code


Facebook has introduced a policy update under which the company will contact third-party developers if it detects a flaw in their code.

In a blog post announcing the move, Facebook said it “will sometimes find” critical bugs and vulnerabilities in the code and systems of third parties. “If that happens, our goal is to see these problems resolved quickly while ensuring that the affected people are notified so they can protect themselves by installing a patch or upgrading their systems.”


Facebook previously disclosed vulnerabilities to third-party developers, but the policy change officially codifies the company’s commitment to disclose and expose security vulnerabilities.

Vulnerability disclosure programs, or VDPs, allow businesses to set the rules of engagement for identifying and reporting security bugs. VDPs also support vulnerability disclosure and publication once a bug is patched. Companies also use bug bounties to compensate hackers who follow the company's reporting and disclosure requirements.

Changing the policy isn’t altruistic. As with several other technology firms, Facebook depends on a lot of third-party code and open-source libraries. But by putting the update in writing, it also puts third-party developers on notice if they don’t patch bugs promptly.

Casey Ellis, founder and chief technical officer at the vulnerability disclosure platform Bugcrowd, said the policy change is becoming increasingly common for businesses with a “big, user-centric, third-party attack surface,” and parallels similar initiatives by Atlassian, Google, and Microsoft.

Facebook said it would give third-party developers 21 days to respond when it detects a vulnerability, and 90 days to address the problems, a generally agreed timeline for disclosing and remedying security issues.

The company says it will make reasonable efforts to find the right way to report a flaw, including but not limited to emailing security monitoring email addresses, filing bugs in bug trackers with no sensitive information, or filing support tickets. But the company said that it reserves the right to disclose earlier if hackers are actively exploiting the vulnerability, or to delay its disclosure if it decides that more time is required to address a problem.


Generally speaking, Facebook said it would not sign a non-disclosure agreement (NDA) related to the security concerns it addresses. Luta Security founder Katie Moussouris said that “the Devil will be in the details.” “The test will be the first time they need to pull the trigger and drop a zero-day — with mitigation guidance — onto a rival,” she said, referring to unpatched vulnerabilities where businesses have zero days to fix.

Conclusion:

The new policy explicitly focuses on how Facebook manages the disclosure of issues in third-party code. Researchers who find a vulnerability in Facebook or within its family of apps will continue to report it through the current Bug Bounty Program.


    About Author


    Akansha Pandey, Director of Sales at Fluper, is a leader in technology sales with a decade of experience. Known for her strategic approach, she excels in driving business growth and forging strong client relationships. Akansha's expertise lies in consultative selling, team leadership, and exceeding revenue targets. Passionate about mentoring, she enjoys sharing insights with aspiring sales professionals.

    Akansha Pandey
