Today, web security is a big problem for many internet giants. To address security issues, companies such as Facebook, Microsoft, Google and Apple have introduced bug bounty programs.
Krutarth Shukla, a youngster based in Surat, has been awarded a $1000 bounty and white hat recognition by Facebook’s bounty program. Krutarth just completed a B.Tech in Computer Science from Shankara Institute, Jaipur, and is currently working as a freelancer.
What is Facebook Bug Bounty Program?
Facebook’s white hat bug bounty program was started with the aim of fixing security issues in Facebook so that users’ privacy can be ensured. The program is managed by security experts who work at Facebook.
Under this program, security researchers around the globe report security vulnerabilities to Facebook. Once a reported vulnerability is approved by the Facebook team, the researcher is paid a bounty; the amount depends on the level of risk the vulnerability poses.
Usually Facebook pays $500 as a bounty. Security researchers spend many hours or even many days finding security vulnerabilities (bugs). They use a set of tools in many cases, but usually they try to do it manually.
Krutarth in White Hat List of Facebook
Security researchers who make a responsible disclosure to Facebook have their names added to the white hat list. Currently there are a total of 113 security researchers on the list, of whom 11 are Indians. Krutarth is one of the 113 white hats and the second name from Gujarat.
Our Conversation with Krutarth
Here is an extract of the conversation between Krutarth Shukla and BuddyBits.com.
How did you come to know about this program?
I came to know about this program from cnet.com News.
What kind of message (technical/non-technical) did you send?
I sent a message along with technical details, including the reason behind the occurrence of this security vulnerability, with a source URL of the vulnerability.
What is the process and how much time does it take?
Once we report an issue, their security team analyzes the bug and takes a decision on approval. Once it’s approved, their engineers start fixing the issue. After that, they pay the bounty.
It would take about 10 days to 1 month for bug approval. Then they email a form. Once we mail the form, they pay the bounty. This procedure may take 2 to 3 months.
What reward did you get, and how did they make the payment?
Usually they give a bounty of $500. I had reported 2 bugs, so I got $1000 as bounty.
They either make payment via PayPal or issue a Black Card [prepaid debit card]. But nowadays they only issue the Black Card.
BuddyBits.com Exclusive Report