Facebook to warn third-party developers of vulnerable code
Facebook has announced a policy change that will see the company notify third-party developers if it finds a security vulnerability in their code.
In a blog post announcing the change,Facebook said it “may occasionally find” critical bugs and vulnerabilities in third-party code and systems. “When that happens, our priority is to see these issues promptly fixed, while making sure that people impacted are informed so that they can protect themselves by deploying a patch or updating their systems.”
Facebook has previously notified third-party developers of vulnerabilities, but the policy shift formally codifies the company’s policy toward disclosing and revealing security vulnerabilities.