Facebook revised its bug disclosure policy last week to protect vulnerability researchers from potential lawsuits stemming from their discoveries. Vulnerability researchers are protected from prosecution if they make a good-faith effort to avoid privacy violations, destruction of data, or interruption or degradation of Facebook's service. The policy is similar to bug bounty programs Google and Mozilla have proposed, albeit a bit more pessimistic. The Electronic Frontier Foundation's new policy is part of Facebook's new Responsible Disclosure Policy. It allows a reasonable period of time [for Facebook] to respond to the bug before researchers make it public.
Source: https://threatpost.com/facebook-revises-bug-disclosure-policy-122110/74797/

