by shimon_e 4915 days ago
I submitted a report to Facebook about privacy setting circumvention. Didn't receive a response. Didn't receive a bounty. Facebook DID fix the bug after some months.

Feel a bit cheated that a billion-dollar company couldn't take the time to respond... if I had the time I'd follow up with them.

5 comments

I'm very sorry you had this experience. We would never intentionally ignore a legitimate bug report. If you could send me a message (link in profile) with the e-mail address you used, I'd be happy to get to the bottom of this.
Bummer to hear. I too reported a privacy setting circumvention, and I did receive compensation. I think a big part of it is being the first person to report the error.
To report a security or privacy vulnerability to Facebook, use their Report a Security Vulnerability form: http://www.facebook.com/whitehat/report/ Any other way and you risk your report not being received.
I did.
This is why we have "Responsible Disclosure". Basically if you make a good faith attempt to tell the company in private, and they do nothing, it is then not wrong for you to publicly release details of the exploit. This tends to get their attention.
Probably wanted to avoid more flak related to privacy concerns ...
In that case they should have expedited a cheque in the mail. I thought they are offering money so we aren't tempted to sell it to malicious parties.