by yashkadakia
4690 days ago
I want to step in here - Facebook is in no way trying to save a few bucks. I've reported a few bugs to Facebook and they go out of their way to pay you greater sums depending on the severity. You just have to be professional and disclose in detail with steps to reproduce.
Though the Facebook engineer conceivably could have offered to give the guy's email to a native speaker or tried to get more detail from him, I don't blame the initial Facebook engineer for dismissing it on the spot given that he probably had a few dozen other messages like that on the same day to review and deal with.
But it's all about perception here. The end result of this is a big PR loss for Facebook if they want to protect their users and get people to submit bug reports without having to fear that they'll lose out on money.
The next time an inexperienced foreigner discovers an exploit they'll research this topic and see that Facebook answered this guy with a "thanks for working for us for free" message. So what will happen is that when some spammer comes around with a few thousand dollars in cash vs the uncertainty of dealing with Facebook, odds are the exploit will go to him rather than Facebook. They won't read about the hundreds of times that Facebook did pay up, but the couple of times they didn't.
So this is just a big loss for the internet because Facebook made it that much more likely that people will sell their exploits to all kinds of nefarious people.