Facebook is working on setting up a bug bounty program that would encourage security researchers to discover vulnerabilities on its platform and report them responsibly. Facebook is one of the few companies that explicitly state in their official policies that as long as the vulnerability reporter doesn’t exploit it to damage the system or compromise the data, it will not take legal action against them or notify the authorities. No details about the program’s possible payouts or rules have been released, but we’re hoping the rewards will at least match those offered by Mozilla and Google.
Source: https://thehackernews.com/2011/05/facebook-prepares-to-launch-bug-bounty.html