What is bug bounty education
The bug bounty education help centre aims to share knowledge with security researchers participating in Meta’s bug bounty program.
The content shared here aims to achieve 2 things:
Lower the bar to entry for new researchers
Improve the ability of experienced researchers to test our products
Lowering the bar to entry for new researchers
Given the scale of Meta’s products, new researchers may have a hard time understanding the scope, the security expectations of certain features, what kind of vulnerabilities to test for, or how to test them to begin with.
To help researchers get started we are sharing setup & testing guides along with a list of commonly reported false positives for Meta’s core products. This significantly reduces the time researchers need to spend ramping up on how to test Meta efficiently and effectively with higher chances of success when participating in our bug bounty program.
Improve the ability of experienced researchers to test our products
Experienced researchers may want to test products or features that are very specific to Meta. This means that already published material is less likely to set a researcher up for success in our bug bounty program. This may be because certain technology used in Meta’s technology stack is not documented publicly (for example a network protocol) or because a feature is complex in design, making the security or privacy expectations not always clear. The long-term goal of the help centre is to publish tools & documentation to make the testing process of our products and their features as frictionless as possible.
© 2024 Meta