Facebook Increases Bug Bounty Payouts to Improve User Security

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Today’s topics include Facebook boosting bug bounty payouts for account takeover flaws, and Alcide securing funding to advance its cloud-native security firewall platform.

In an effort to improve user account security and mitigate hijacking threats, Facebook announced on Nov. 20 that it is increasing the awards it pays out to security researchers for responsibly disclosing flaws. The increases come via Facebook’s bug bounty program, which provides financial rewards for researchers who report issues to the social networking giant.

According to Facebook’s Bug Bounty team, their “goal is to ensure that these vulnerabilities … are reported … in the most responsible and timely manner.”

For account takeovers, Facebook is now paying researchers an award of $40,000 for flaws where no user interaction is required and $25,000 if only minimum user interaction is needed for the attack to achieve an account takeover.

Additionally, Facebook is looking to make it easier for security researchers to report potential account takeover issues by not requiring attacks to be able to bypass Facebook’s Linkshim, which is a technology that attempts to block phishing URLs.

Israeli microservices visibility startup Alcide has announced that it raised $7 million in a Series A round of funding to build out its microservices firewall platform that looks to help solve the visibility and control challenges of the modern cloud-native application environment. This brings total funding to date for the company to $12.2 million.

According to CEO and co-founder Ranny Nachmias, “[Alcide’s] approach is based on how the holy triangle between infrastructure, networking and applications should look like in a modern environment.”

Alcide was founded in 2016, and the company’s flagship microservices firewall platform became generally available on April 3. The platform was further expanded on July 11, with serverless, functions-as-a-service security capabilities.