I think this Bug Bounty Program is a great initiative. Apparently quite a few companies are doing this, i.e. paying white hat hackers who report a security flaw.
Facebook has this initiative. However, when a researcher and white hat hacker (Khalil from Pakistan) reported a flaw to the FB security team, they responded saying it was not a flaw. Well, this was just a little bit annoying. He tried a couple of times to get them to understand, and then warned them that he would exploit the flaw.
The flaw allowed anyone who is not in your friends list to post directly on your FB Wall! So Khalil posted a message on Mark Zuckerberg’s Wall. Facebook refused to pay the bounty amount to Khalil on the premise that he didn’t follow protocol.
Now this is old news… about a week old. However, what is new is that Maiffret, the CTO of a company called BeyondTrust, decided that Khalil should be compensated for his service and created a crowd-sourced fund for the researcher, with a goal of reaching $10,000, after which the amount will be deposited in Khalil’s account. In addition to that, Maiffret deposited $3,000 from his own pocket to the fund. In less than 24 hours, 79 people contributed nearly $9,000 into the fund.