Khalil Shreateh, a computer security researcher, discovered a bug that would allow someone to post onto a Facebook user’s private wall even if they were not a friend of that user. That’s a rather serious bug in the world of Facebook.
In true white hat (good guy hacker) fashion, he attempted to report the bug to Facebook but was rebuffed several times. In Facebook’s defense, he did not follow proper procedure, and in his defense, English is not his first language. Again, in an effort to get his point across, he posted a note on Facebook founder Mark Zuckerberg’s private wall to alert him (and his security team) of the problem.
Within minutes he got a response. The problem has now been documented and has, in all likelihood, been fixed. But it appears he will not be paid for his work. If you didn’t know, many tech companies like Facebook pay white hats to find exploits (security holes) in their products. When the holes are reported, the researchers are paid for their efforts. In this case, Shreateh has been told that because he posted on private (not fake test) pages he won’t be paid despite his obvious efforts to do the right thing.
Obviously companies need to keep people like Shreateh working for them, not against them, and paying them is a very simple way to do so. In this particular case, rather than acting in a vindictive and small way due to obvious embarrassment, Facebook should admit they screwed up, thank Shreateh for his efforts and pay him. He’s happy, they look like mature adults and the problems keep getting solved. Considering his payment would likely amount to a few thousand dollars, that seems like chump change (and common sense) to a multi-billion-dollar company.