Facebook Security Terms Change Removes Risk for Those Who Report Problems

With the removal last week of a single phrase in its policy around reporting security issue, Facebook has made it easier for “white hat” security experts to help it find vulnerabilities.

The policy, below, no longer contains this line: “and have not conducted research that would violate the terms of our Statement of Rights and Responsibilities.” It now reads:

We encourage security researchers who identify security problems to embrace the practice of notifying website security teams of problems and giving them time to fix the problems before making any information public. To make researchers feel comfortable bringing issues to our attention, we have adopted the following responsible reporting policy: If you share details of a security issue with us and give us a reasonable period of time to respond to it before making it public, and in the course of that research made a good faith effort to avoid privacy violations, destruction of data, or interruption or degradation of our service, we will not bring any lawsuit against you or ask law enforcement to investigate you for that research.

In other words, Facebook is making it clear that experts who conduct terms-breaking research won’t be targeted simply because they broke a policy in order to discover a problem.

You can find more information on Facebook’s Security Page. It also provides this running list of individuals who have made a “responsible disclosure” to the company:

  • Mat Henley
  • Roger Thompson
  • John C. A. Bambenek
  • Alexander Sotirov
  • Jeff Williams
  • Kristopher Tate
  • John C Mitchell
  • David Bloom
  • Chris Barton
  • Patrick Maguire
  • Arnaud Granal
  • Neil Fryer
  • Steven Adair
  • Stephen Sclafani
  • Edgard Chammas
  • Ronen Zilberman
  • Mike Bailey
  • Juan Galiana
  • Francisco Alonso
  • Vikram Thakur
  • Cumhur Onat
  • Ivan Buetler
  • Joachim De Lombaert
  • Jim Wigginton
  • Tal Be’ery
  • John Jean
  • Harlan Yu
  • Nathan Whitmore
  • Nir Goldshlager
  • Szymon Gruszecki