Facebook has recently taken numerous security steps toward enhancing app security. These include the launch of a dedicated advisory web page for WhatsApp and the announcement of the Facebook Vulnerability Disclosure Policy for third-party systems.
Recently, Facebook has announced and implemented a new Vulnerability Disclosure Policy (VDP) for third-party systems. This policy elaborates on how Facebook will proceed with reporting and disclosing bugs that it spots in any third-party apps and open-source projects.
As detailed , Facebook expects to hear back on its bug report from the other party within 21 days from initial disclosure. In case of failure to do so, Facebook reserves the right to disclose the vulnerability publicly.
We expect the third party to respond within 21 days to let us know how the issue is being mitigated to protect the impacted people. If we don’t hear back within 21 days after reporting, Facebook reserves the right to disclose the vulnerability.
Likewise, Facebook implements a 90-day disclosure period that will lead to public disclosure of bugs in case of no fix.
If within 90 days after reporting there is no fix or update indicating the issue is being addressed in a reasonable manner, Facebook will disclose the vulnerability.
Though, Facebook has also elaborated that it may deviate from these conditions under certain circumstances. For example, an urgent or actively exploited bug may lead to quick disclosure. Likewise, Facebook may delay the disclosure if required.
Facebook’s third-party vulnerability disclosure policy arrives alongside another upgrade. Facebook has launched a dedicated advisory page for WhatsApp to disclose all WhatsApp related bugs.
According to Facebook, this step would help the security community to know of the bugs,
Announcing this step in a blog post , the tech giant stated,
Due to the policies and practices of app stores, we cannot always list security advisories within app release notes. This advisory page provides a comprehensive list of WhatsApp security updates and associated Common Vulnerabilities and Exposures (CVE).
Simultaneously, Facebook has also urged users to update their WhatsApp apps whenever updates are available to stay safe.
In August, Facebook has also open-sourced its internal security tool Pysa for us with other frameworks.
- Packet Fingerprinting with Wireshark and Detecting NMap Scans cvv sites, cvv store
- Кандидат в президенты США рассказал о своем хакерском прошлом cvvstore, valid cc shop
- Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances buy cvv, feshop cc
- European Banking Authority victim in Microsoft Exchange Server hack dump shop, buying cvv
- Starting an InfoSec Career – The Megamix – Chapter 6 cvv dump, credit card dumps
Recent CommentsNo comments to show.