Facebook has recently taken numerous steps toward enhancing app security. These include the launch of a dedicated advisory web page for WhatsApp and the announcement of the Facebook Vulnerability Disclosure Policy for third-party systems.

Facebook’s New Vulnerability Disclosure Policy

Facebook recently announced and implemented a new Vulnerability Disclosure Policy (VDP) for third-party systems. The policy sets out how Facebook will report and disclose bugs that it spots in third-party apps and open-source projects.

As detailed in the policy, Facebook expects to hear back on its bug report from the other party within 21 days of the initial disclosure. If the other party fails to respond, Facebook reserves the right to disclose the vulnerability publicly.

We expect the third party to respond within 21 days to let us know how the issue is being mitigated to protect the impacted people. If we don’t hear back within 21 days after reporting, Facebook reserves the right to disclose the vulnerability.

Likewise, Facebook applies a 90-day disclosure period, after which it will publicly disclose a bug if there is no fix.

If within 90 days after reporting there is no fix or update indicating the issue is being addressed in a reasonable manner, Facebook will disclose the vulnerability.

However, Facebook has also explained that it may deviate from these conditions under certain circumstances. For example, an urgent or actively exploited bug may lead to quick disclosure. Likewise, Facebook may delay the disclosure if required.

Separate WhatsApp Advisory Page

Facebook’s third-party vulnerability disclosure policy arrives alongside another upgrade. Facebook has launched a dedicated advisory page for WhatsApp to disclose all WhatsApp-related bugs.

According to Facebook, this step would help the security community to know of the bugs.

Announcing this step in a blog post, the tech giant stated,

Due to the policies and practices of app stores, we cannot always list security advisories within app release notes. This advisory page provides a comprehensive list of WhatsApp security updates and associated Common Vulnerabilities and Exposures (CVE).

At the same time, Facebook has urged users to update their WhatsApp apps whenever updates are available to stay safe.

In August, Facebook also open-sourced its internal security tool Pysa for use with other frameworks.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!