This morning I was in a discussion about bounty prices and what goes into costing a bug. I came across a good mental model for the exploit market and how zero-day bugs are priced.
Security teams generally have a bad reputation within most companies. They are known to be anti-innovation and bureaucratic, and most teams hesitate to contact them.
Here at Facebook, we want our engineers to be able to "Move Fast and Break Things" and not avoid our team at all costs. To do that we...
I plan on doing a series of posts on how FB Security helps promote a strong culture of vigilance within Facebook.
Several years ago we decided to build a month-long campaign inspired by National Cyber Security Awareness Month to build an appreciation for Facebook's Security team, as opposed to f...