Facebook to warn third-party developers of vulnerable code
Facebook has announced a policy change that will see the company notify third-party developers if it finds a security vulnerability in their code.
In a blog post announcing the change,Facebook said it “may occasionally find” critical bugs and vulnerabilities in third-party code and systems. “When that happens, our priority is to see these issues promptly fixed, while making sure that people impacted are informed so that they can protect themselves by deploying a patch or updating their systems.”
Facebook has previously notified third-party developers of vulnerabilities, but the policy shift formally codifies the company’s policy toward disclosing and revealing security vulnerabilities.
Vulnerability disclosure programs, or VDPs, allow companies to set the rules of engagement for finding and disclosing security bugs. VDPs also help guide the disclosure and publication of vulnerabilities once a bug is fixed. Companies often use a bug bounty to pay hackers who follow the company’s reporting and disclosure rules.
The policy change is not entirely altruistic. Facebook, like many other tech companies, relies on a ton of third-party code and open-source libraries. But by putting the change in writing, it also puts third-party developers on notice if they don’t fix vulnerabilities in a timely fashion.
Casey Ellis, founder and chief technology officer at vulnerability disclosure platform Bugcrowd, said the policy shift was becoming increasingly popular for companies with a “large, user-centric, third-party attack surface,” and echoes similar efforts by Atlassian, Google and Microsoft.
Facebook said when it finds a vulnerability, it will give third-party developers 21 days to respond and 90 days to fix the issues, a widely accepted time frame to report and remediate security issues. The company says it will make a reasonable effort to find the right contact for reporting a vulnerability, including, but not limited to, emailing security reporting emails, filing bugs without confidential details in bug trackers or filing support tickets. But the company said it reserves the right to disclose sooner if the vulnerability is actively being exploited by hackers, or delay its disclosure if it’s agreed that more time is needed to fix an issue.
Facebook said it will generally not sign a non-disclosure agreement (NDA) specific to the security issues it reports.
Katie Moussouris, founder of Luta Security, told TechCrunch that the “devil will be in the details.”
“The test will be the first time they have to pull the trigger and drop a zero-day — with mitigation guidance — on a competitor,” she said, referring to unpatched vulnerabilities where companies have zero days to patch them.
The new policy is focused specifically on how Facebook handles disclosure of issues in third-party code. If researchers find a security vulnerability on Facebook, or within its family of apps, they will continue to report it through the existing Bug Bounty Program.
As part of the policy change, Facebook said it would also disclose vulnerabilities once they are fixed. In a separate blog post, Facebook, which owns WhatsApp, disclosed six vulnerabilities in the messaging app — since fixed.
Facebook Faces Yet Another Outage: Platform Encounters Technical Issues Again
Uppdated: It seems that today’s issues with Facebook haven’t affected as many users as the last time. A smaller group of people appears to be impacted this time around, which is a relief compared to the larger incident before. Nevertheless, it’s still frustrating for those affected, and hopefully, the issues will be resolved soon by the Facebook team.
Facebook had another problem today (March 20, 2024). According to Downdetector, a website that shows when other websites are not working, many people had trouble using Facebook.
This isn’t the first time Facebook has had issues. Just a little while ago, there was another problem that stopped people from using the site. Today, when people tried to use Facebook, it didn’t work like it should. People couldn’t see their friends’ posts, and sometimes the website wouldn’t even load.
Downdetector, which watches out for problems on websites, showed that lots of people were having trouble with Facebook. People from all over the world said they couldn’t use the site, and they were not happy about it.
When websites like Facebook have problems, it affects a lot of people. It’s not just about not being able to see posts or chat with friends. It can also impact businesses that use Facebook to reach customers.
Since Facebook owns Messenger and Instagram, the problems with Facebook also meant that people had trouble using these apps. It made the situation even more frustrating for many users, who rely on these apps to stay connected with others.
During this recent problem, one thing is obvious: the internet is always changing, and even big websites like Facebook can have problems. While people wait for Facebook to fix the issue, it shows us how easily things online can go wrong. It’s a good reminder that we should have backup plans for staying connected online, just in case something like this happens again.
Christian family goes in hiding after being cleared of blasphemy
LAHORE, Pakistan — A court in Pakistan granted bail to a Christian falsely charged with blasphemy, but he and his family have separated and gone into hiding amid threats to their lives, sources said.
Haroon Shahzad, 45, was released from Sargodha District Jail on Nov. 15, said his attorney, Aneeqa Maria. Shahzad was charged with blasphemy on June 30 after posting Bible verses on Facebook that infuriated Muslims, causing dozens of Christian families in Chak 49 Shumaali, near Sargodha in Punjab Province, to flee their homes.
Lahore High Court Judge Ali Baqir Najfi granted bail on Nov. 6, but the decision and his release on Nov. 15 were not made public until now due to security fears for his life, Maria said.
Shahzad told Morning Star News by telephone from an undisclosed location that the false accusation has changed his family’s lives forever.
“My family has been on the run from the time I was implicated in this false charge and arrested by the police under mob pressure,” Shahzad told Morning Star News. “My eldest daughter had just started her second year in college, but it’s been more than four months now that she hasn’t been able to return to her institution. My other children are also unable to resume their education as my family is compelled to change their location after 15-20 days as a security precaution.”
Though he was not tortured during incarceration, he said, the pain of being away from his family and thinking about their well-being and safety gave him countless sleepless nights.
“All of this is due to the fact that the complainant, Imran Ladhar, has widely shared my photo on social media and declared me liable for death for alleged blasphemy,” he said in a choked voice. “As soon as Ladhar heard about my bail, he and his accomplices started gathering people in the village and incited them against me and my family. He’s trying his best to ensure that we are never able to go back to the village.”
Shahzad has met with his family only once since his release on bail, and they are unable to return to their village in the foreseeable future, he said.
“We are not together,” he told Morning Star News. “They are living at a relative’s house while I’m taking refuge elsewhere. I don’t know when this agonizing situation will come to an end.”
The Christian said the complainant, said to be a member of Islamist extremist party Tehreek-e-Labbaik Pakistan and also allegedly connected with banned terrorist group Lashkar-e-Jhangvi, filed the charge because of a grudge. Shahzad said he and his family had obtained valuable government land and allotted it for construction of a church building, and Ladhar and others had filed multiple cases against the allotment and lost all of them after a four-year legal battle.
“Another probable reason for Ladhar’s jealousy could be that we were financially better off than most Christian families of the village,” he said. “I was running a successful paint business in Sargodha city, but that too has shut down due to this case.”
Regarding the social media post, Shahzad said he had no intention of hurting Muslim sentiments by sharing the biblical verse on his Facebook page.
“I posted the verse a week before Eid Al Adha [Feast of the Sacrifice] but I had no idea that it would be used to target me and my family,” he said. “In fact, when I came to know that Ladhar was provoking the villagers against me, I deleted the post and decided to meet the village elders to explain my position.”
The village elders were already influenced by Ladhar and refused to listen to him, Shahzad said.
“I was left with no option but to flee the village when I heard that Ladhar was amassing a mob to attack me,” he said.
Shahzad pleaded with government authorities for justice, saying he should not be punished for sharing a verse from the Bible that in no way constituted blasphemy.
Similar to other cases
Shahzad’s attorney, Maria, told Morning Star News that events in Shahzad’s case were similar to other blasphemy cases filed against Christians.
“Defective investigation, mala fide on the part of the police and complainant, violent protests against the accused persons and threats to them and their families, forcing their displacement from their ancestral areas, have become hallmarks of all blasphemy allegations in Pakistan,” said Maria, head of The Voice Society, a Christian paralegal organization.
She said that the case filed against Shahzad was gross violation of Section 196 of the Criminal Procedure Code (CrPC), which states that police cannot register a case under the Section 295-A blasphemy statute against a private citizen without the approval of the provincial government or federal agencies.
Maria added that Shahzad and his family have continued to suffer even though there was no evidence of blasphemy.
“The social stigma attached with a blasphemy accusation will likely have a long-lasting impact on their lives, whereas his accuser, Imran Ladhar, would not have to face any consequence of his false accusation,” she said.
The judge who granted bail noted that Shahzad was charged with blasphemy under Section 295-A, which is a non-cognizable offense, and Section 298, which is bailable. The judge also noted that police had not submitted the forensic report of Shahzad’s cell phone and said evidence was required to prove that the social media was blasphemous, according to Maria.
Bail was set at 100,000 Pakistani rupees (US $350) and two personal sureties, and the judge ordered police to further investigate, she said.
Shahzad, a paint contractor, on June 29 posted on his Facebook page 1 Cor. 10:18-21 regarding food sacrificed to idols, as Muslims were beginning the four-day festival of Eid al-Adha, which involves slaughtering an animal and sharing the meat.
A Muslim villager took a screenshot of the post, sent it to local social media groups and accused Shahzad of likening Muslims to pagans and disrespecting the Abrahamic tradition of animal sacrifice.
Though Shahzad made no comment in the post, inflammatory or otherwise, the situation became tense after Friday prayers when announcements were made from mosque loudspeakers telling people to gather for a protest, family sources previously told Morning Star News.
Fearing violence as mobs grew in the village, most Christian families fled their homes, leaving everything behind.
In a bid to restore order, the police registered a case against Shahzad under Sections 295-A and 298. Section 295-A relates to “deliberate and malicious acts intended to outrage religious feelings of any class by insulting its religion or religious beliefs” and is punishable with imprisonment of up to 10 years and fine, or both. Section 298 prescribes up to one year in prison and a fine, or both, for hurting religious sentiments.
Pakistan ranked seventh on Open Doors’ 2023 World Watch List of the most difficult places to be a Christian, up from eighth the previous year.
Morning Star News is the only independent news service focusing exclusively on the persecution of Christians. The nonprofit’s mission is to provide complete, reliable, even-handed news in order to empower those in the free world to help persecuted Christians, and to encourage persecuted Christians by informing them that they are not alone in their suffering.
Free Religious Freedom Updates
Join thousands of others to get the FREEDOM POST newsletter for free, sent twice a week from The Christian Post.
Individual + Team Stats: Hornets vs. Timberwolves
CHARLOTTE HORNETS MINNESOTA TIMBERWOLVES You can follow us for future coverage by liking us on Facebook & following us on X: Facebook – All Hornets X – …
Source link