Security News > 2020 > September > Facebook to blab bugs it finds if it thinks code owners aren’t fixing fast enough
2020-09-04 06:41
Facebook has published its first Vulnerability Disclosure Policy and given itself grounds to blab the existence of bugs to the world if it thinks that's the right thing to do.
"Facebook may occasionally find critical security bugs or vulnerabilities in third-party code and systems, including open source software," the company writes.
Facebook will evaluate based on our interpretation of the risk to people.
Facebook "Will evaluate each issue on a case-by-case basis based on our interpretation of the risk to people."
The policy isn't wildly different from that used by Google's Project Zero, which also discloses bugs after 90 days and also offers extensions under some circumstances.