by eli 4971 days ago
It shouldn't take you more than one Google query to find the place to report Facebook security problems.

I don't think it's a good idea to link it from the general support section -- you don't want the security team that is hopefully carefully monitoring this stuff to have to wade through thousands of regular customer service complaints.

1 comments

It shouldn't... but it could be easier. I've been in the situation before where I wanted to report malware on Facebook and I couldn't figure out where to report it.

I agree that you don't want reporting a security issue to supersede the general case of problems, but as things stand it is hard to figure out how to report a real security issue if you don't know about that magic whitehat URL.

Googling "facebook security" brings

#1 result: https://www.facebook.com/security

no information on reporting problems there

#2 result: https://www.facebook.com/help/security

this one has a Report Something link... but that doesn't give you options for reporting a security issue, just TOS violations or copyright infringement.

#3 result: https://www.facebook.com/security/app_10442206389

This looks better than the other two, but there is still nothing here about how to report a security issue.

Knowing what to look for, there's a hidden "Take Action >> White Hats" link that will eventually take you to the correct page: https://www.facebook.com/security/app_6009294086

So click that link... and you're presented with a huge page of names and still no obvious call to action: https://www.facebook.com/whitehat

Oh, it's the Report Vulnerability link in that sidebar that we've been conditioned to ignore in the normal Facebook UI.

https://www.facebook.com/whitehat/report/

---

Just to recap, in order to find how to submit a security bug report, it took me 15 minutes and I still only found it because I knew the term to look for was "white hat" and not "security".

shrug

Perhaps you're right. But "Facebook report a vulnerability" works just fine and that's what I would have tried if I were trying to report a vulnerability.

That's still a few down in the search results.

It looks like the magic search term that brings you right to the report page is: "Facebook vulnerability"

http://google.com/?q=Facebook+vulnerability