Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

you are right, facebook had lots of CSRF previously, it is obvious they don't take basic security seriously


it is obvious they don't take basic security seriously

I would disagree.

For a very actively developed web site, it takes very good focus to not trip up. Having a bounty program is an indication to me that they take security seriously. Fixing a security bug in a matter of hours indicates to me that they take security seriously.


Amount and stupidness of bugs in fb says otherwise




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: