| It shouldn't... but it could be easier. I've been in the situation before where I wanted to report malware on facebook and I couldn't figure out where to report it. I agree that you don't want reporting a security issue to supersede the general case of problems, but as things stand it is hard to figure out how to report a real security issue if you don't know about that magic whitehat url. Googling "facebook security" brings #1 result: https://www.facebook.com/security no information on reporting problems there #2 result: https://www.facebook.com/help/security this one has a Report Something link... but that doesn't give you options for reporting a security issue, just TOS violations or copyright infringement. #3 result: https://www.facebook.com/security/app_10442206389 This looks better than the other two, but there is still nothing here about how to report a security issue. Knowing what to look for, there's a hidden "Take Action >> White Hats" link that will eventually take you to the correct page: https://www.facebook.com/security/app_6009294086 So click that link... and presented with a huge page of names and still no obvious call to action: https://www.facebook.com/whitehat Oh, it's the Report Vulnerability link in that sidebar that we're been conditioned to ignore in the normal Facebook UI. https://www.facebook.com/whitehat/report/ --- Just to recap, in order to find how to submit a security bug report, it took me 15 minutes and I still only found it because I knew the term to look for was "white hat" and not "security". |
Perhaps you're right. But "Facebook report a vulnerability" works just fine and that's what I would have tried if I were trying to report a vulnerability.