Msg#: 4603233 posted 11:39 am on Aug 19, 2013 (gmt 0)
That's pretty mean-spirited not to pay out, imho.
A Palestinian programmer has highlighted a flaw in Facebook's security system by posting a message on Mark Zuckerberg's private page.
Mr Shreateh said he had tried to use Facebook's White Hat scheme, which offers a monetary reward for reporting vulnerabilities, but had been ignored. Facebook said it had fixed the fault but would not be paying Mr Shreateh. Mr Shreateh found a security breach that allowed Facebook users to post messages on the private "walls" of people who had not approved them as "friends", overriding the site's privacy features.
Mark Zuckerberg's Private Page Hacked To Highlight Security Flaw [bbc.co.uk]
An engineer on Facebook's security team, Matt Jones, posted a public explanation saying that although Mr Shreateh's original email should have been followed up, the way he had reported the bug had violated the site's "responsible disclosure policy".
He added that as Mr Shreateh had highlighted the bug "using the accounts of real people without their permission", he would not qualify for a payout.