Facebook Security

Report a Possible Security Vulnerability

We take user safety seriously and strive to ensure a safe experience for you when you use Facebook. When properly notified, we will quickly investigate all legitimate reports of security vulnerabilities and fix potential problems, and have adopted a responsible disclosure policy to encourage notifications.

If you are a security researcher and you believe you have found a vulnerability, we would like to work with you to investigate it as quickly as possible. Please send us as much information as possible to help us better understand the nature and scope of the possible issue here.

Responsible Disclosure Policy

We encourage security researchers who identify security problems to embrace the practice of notifying website security teams of problems and giving them time to fix the problems before making any information public. To make researchers feel comfortable bringing issues to our attention, we have adopted the following responsible reporting policy: If you share details of a security issue with us and give us a reasonable period of time to respond to it before making it public, and have not conducted research that would violate the terms of our Statement of Rights and Responsibilities, we will not bring any lawsuit against you or ask law enforcement to investigate you for that research.

Thank You

We also recognize that keeping the internet safe is a collaborative effort, and that many people around the world can make valuable contributions. On behalf of our millions of users, we would like to thank the following individuals for going out of their way to make a responsible disclosure to us:

• Mat Henley
• Roger Thompson
• John C. A. Bambenek
• Alexander Sotirov
• Jeff Williams
• Kristopher Tate
• John C Mitchell
• David Bloom
• Chris Barton
• Patrick Maguire
• Arnaud Granal
• Neil Fryer
• Steven Adair
• Stephen Sclafani