Facebook to warn third-party developers of vulnerable code

Facebook has announced a policy change that will see the company notify third-party developers if it finds a security vulnerability in their code.

In a blog post announcing the change, Facebook said it “may occasionally find” critical bugs and vulnerabilities in third-party code and systems. “When that happens, our priority is to see these issues promptly fixed, while making sure that people impacted are informed so that they can protect themselves by deploying a patch or updating their systems.”

Facebook has previously notified third-party developers of vulnerabilities, but the policy shift formally codifies the company’s policy toward disclosing and revealing security vulnerabilities.

Vulnerability disclosure programs, or VDPs, allow companies to set the rules of engagement for finding and disclosing security bugs. VDPs also help guide the disclosure and publication of vulnerabilities once a bug is fixed. Companies often use a bug bounty to pay hackers who follow the company’s reporting and disclosure rules.

The policy change is not entirely altruistic. Facebook, like many other tech companies, relies on a ton of third-party code and open-source libraries. But by putting the change in writing, it also puts third-party developers on notice if they don’t fix vulnerabilities in a timely fashion.

Casey Ellis, founder and chief technology officer at vulnerability disclosure platform Bugcrowd, said the policy shift was becoming increasingly popular for companies with a “large, user-centric, third-party attack surface,” and echoes similar efforts by Atlassian, Google and Microsoft.

Facebook said when it finds a vulnerability, it will give third-party developers 21 days to respond and 90 days to fix the issues, a widely accepted time frame to report and remediate security issues. The company says it will make a reasonable effort to find the right contact for reporting a vulnerability, including, but not limited to, emailing security reporting emails, filing bugs without confidential details in bug trackers or filing support tickets. But the company said it reserves the right to disclose sooner if the vulnerability is actively being exploited by hackers, or delay its disclosure if it’s agreed that more time is needed to fix an issue.

Facebook said it will generally not sign a non-disclosure agreement (NDA) specific to the security issues it reports.

Katie Moussouris, founder of Luta Security, told TechCrunch that the “devil will be in the details.”

“The test will be the first time they have to pull the trigger and drop a zero-day — with mitigation guidance — on a competitor,” she said, referring to unpatched vulnerabilities where companies have zero days to patch them.

The new policy is focused specifically on how Facebook handles disclosure of issues in third-party code. If researchers find a security vulnerability on Facebook, or within its family of apps, they will continue to report it through the existing Bug Bounty Program.

As part of the policy change, Facebook said it would also disclose vulnerabilities once they are fixed. In a separate blog post, Facebook, which owns WhatsApp, disclosed six vulnerabilities in the messaging app — since fixed.

TechCrunch

5 Effective Ways to Run Facebook Ads A/B Tests

Facebook Ads A/B tests, or split tests, help advertisers try different versions of ads with various campaign elements. This process helps them arrive at the best version for the organization’s target.

A/B tests offer a vast pool of resources to try out various versions. You may get caught up and lose your way to arriving at the best version in a limited time. To better understand this topic you can read the Facebook ad testing guide. Here are five effective ways to run Facebook Ads A/B tests:

1) Start with the minimal number of variables

This approach will help you analyze the impact of a variable much better. The fewer the variables, the more relevant and conclusive the results will be. Once you have various versions, you will need to run them through the A/B Significance Test to determine if the test results are valid.

2) The second way is to select the correct structure. 

There are two structures in A/B tests. One is a single ad test, and the other is multiple single variation ad sets. All the variations will go under one ad set in the first structure. Each variation will be under a separate ad set in the second one. Out of the two, the second one works out to be better and gives better results.

3) Use of spreadsheets is important to stay organized. 

These spreadsheets help collect and analyze data to get meaningful insights and arrive at data-backed decisions.

4) Do target advertising and set realistic time goals. 

One approach is to choose an entirely new set of audiences. Also, the data pool should be vast and not the same as some existing campaigns. The reason for choosing a different audience is that Facebook may mix up your ads and give contaminated output. 

Another approach to choosing the right audience is to pick geography. It works better, especially when you have business in a particular region.   

It’s also essential to set a realistic timeline for your testing. Facebook suggests one should run a test for at least four days, but you can choose to run the test for up to 30 days.   

5) Set an ideal budget. 

The concept of a perfect budget is subjective. But, you can fix it yourself, or Facebook can do that for you based on your testing data. A large part of the test budget is spent on avoiding audience duplication. If the same audience sees variations, it could affect the test results.

Besides these top five effective ideas, you will need to take a few more action points to make the testing process efficient. Make sure you put the website’s domain link and not the landing page link in the ad, as that doesn’t look good. Put an appropriate call-to-action button, such as ‘Learn More,’ ‘Buy Now,’ etc. It’s also important to see how your ad is coming across on various electronic gadgets: mobile, tablets, etc.

Another strategy that works is trying to engage the customer. You may add social engagement buttons such as ‘Like’ or ‘Comment.’ Use high-resolution images as they work better with the customers. Low-quality, highly edited images are often not liked and trusted by the consumers.

You can learn more about the audience behavior patterns with A/B test results. Conducting these tests on Facebook streamlines the entire process and makes it smooth for you. With the test results, advertisers and marketers can work on the creatives they need to utilize.

To sum it up, you can run an effective A/B test campaign within the specified budget. You don’t need to spend massive amounts to get your advertisement right. You’ll make the correct assumptions about the performance of variations with a good understanding of business and consumers.
