The last item in a short list of changes that Facebook said it would make to its platform in the wake of the growing Cambridge Analytica scandal, expanding its bug bounty programme to include developer misuse of data, could set a trend in the industry going forward.
“Facebook's bug bounty programme will expand so that people can also report to us if they find misuses of data by app developers,” the company wrote in a Monday blog post. “We are beginning work on this and will have more details as we finalise the programme updates in the coming weeks.”
Craig Young, computer security researcher for Tripwire's Vulnerability and Exposure Research Team (VERT), said the “move by Facebook really makes a lot of sense” to him. “By expanding their bounty programme to include data misuse by app developers, Facebook may have found a way to mobilise their community to self-police,” he said. “It will be interesting to see if this spurs new bug bounty participation including people less technical than the typical bug hunter.”
Young said the social media company's move “could be the start of a trend toward more policy-oriented bug bounties from social media platforms.”
Facebook also stated that if it found “developers that misused personally identifiable information (PII), we will ban them from our platform” and, taking it a step further, that if it removes “an app for misusing data, we will notify everyone who used it.”