
Facebook is doing the right thing here. Very few companies have a responsible disclosure policy, much less a reward system.

You take a huge risk even notifying companies of a security flaw you found, since that usually implies you were doing unauthorized penetration testing and they'd have a case against you under the oh-so-wonderful CFAA. Or they'll just ignore you completely and never patch the flaw.
