20 August 2009

Facebook and responsible disclosure

Okay, so a few nights ago, I decided to spend some time finding some vulnerabilities on Facebook, and lo and behold, I found one. Once I managed to find a contact for the security team at Facebook, I dropped them an e-mail on what I found, and I got a response the same evening. All I can say on the topic of a quick response from a company in response to Facebook is WOW! These guys really are serious about security. I was planning on publishing the details on what I found over at SecuriTeam, but I have decided against it, purely because of the response that I received from Facebook. Thank you Facebook, you have restored my faith in social networking. A huge thanks to Gerry.Eisenhaur and Technocrat for their help in testing, couldn't have done this without you guys.
