{"data":{"text":{"delight_ranges":[],"image_ranges":[],"inline_style_ranges":[{"length":12,"offset":0,"inline_style":"HEADLINE2"},{"length":428,"offset":12,"inline_style":"PARAGRAPH"},{"length":42,"offset":440,"inline_style":"HEADLINE2"},{"length":296,"offset":482,"inline_style":"PARAGRAPH"},{"length":180,"offset":778,"inline_style":"PARAGRAPH"},{"length":270,"offset":958,"inline_style":"PARAGRAPH"},{"length":236,"offset":1228,"inline_style":"PARAGRAPH"},{"length":10,"offset":1464,"inline_style":"HEADLINE2"},{"length":143,"offset":1474,"inline_style":"PARAGRAPH"},{"length":270,"offset":1617,"inline_style":"UNORDEREDLIST"},{"length":162,"offset":1617,"inline_style":"LISTITEM"},{"length":108,"offset":1779,"inline_style":"LISTITEM"},{"length":174,"offset":1887,"inline_style":"PARAGRAPH"},{"length":46,"offset":2061,"inline_style":"PARAGRAPH"},{"length":1135,"offset":2107,"inline_style":"UNORDEREDLIST"},{"length":241,"offset":2107,"inline_style":"LISTITEM"},{"length":103,"offset":2245,"inline_style":"UNORDEREDLIST"},{"length":103,"offset":2245,"inline_style":"LISTITEM"},{"length":210,"offset":2348,"inline_style":"LISTITEM"},{"length":138,"offset":2420,"inline_style":"UNORDEREDLIST"},{"length":138,"offset":2420,"inline_style":"LISTITEM"},{"length":684,"offset":2558,"inline_style":"LISTITEM"},{"length":605,"offset":2637,"inline_style":"UNORDEREDLIST"},{"length":246,"offset":2637,"inline_style":"LISTITEM"},{"length":359,"offset":2883,"inline_style":"LISTITEM"},{"length":44,"offset":3242,"inline_style":"HEADLINE2"},{"length":171,"offset":3286,"inline_style":"PARAGRAPH"},{"length":347,"offset":3457,"inline_style":"UNORDEREDLIST"},{"length":56,"offset":3457,"inline_style":"LISTITEM"},{"length":103,"offset":3513,"inline_style":"LISTITEM"},{"length":95,"offset":3616,"inline_style":"LISTITEM"},{"length":93,"offset":3711,"inline_style":"LISTITEM"},{"length":86,"offset":3804,"inline_style":"PARAGRAPH"},{"length":137,"offset":3890,"inline_style":"PARAGRAPH"},{"length":21,"offset":4027,"inline_style":"HEADLINE2"},{"length":89,"offset":4048,"inline_style":"PARAGRAPH"},{"length":884,"offset":4137,"inline_style":"UNORDEREDLIST"},{"length":188,"offset":4137,"inline_style":"LISTITEM"},{"length":154,"offset":4325,"inline_style":"LISTITEM"},{"length":57,"offset":4479,"inline_style":"LISTITEM"},{"length":258,"offset":4536,"inline_style":"LISTITEM"},{"length":227,"offset":4794,"inline_style":"LISTITEM"},{"length":15,"offset":5021,"inline_style":"HEADLINE2"},{"length":241,"offset":5036,"inline_style":"PARAGRAPH"}],"aggregated_ranges":[],"ranges":[{"entity":{"__typename":"ExternalUrl","__isEntity":"ExternalUrl","url":"https://www.facebook.com/whitehat/report/","external_url":"https://www.facebook.com/whitehat/report/","__isWebLinkable":"ExternalUrl","web_link":{"__typename":"ExternalWebLink","url":"https://www.facebook.com/whitehat/report/","fbclid":null,"lynx_mode":"ASYNCLAZY"},"mobileUrl":"https://www.facebook.com/whitehat/report/","__isNode":"ExternalUrl","id":"NjQyMTgzOTU5MjA4MTA3Omh0dHBzXGEvL3d3dy5mYWNlYm9vay5jb20vd2hpdGVoYXQvcmVwb3J0Lzo6Ojo6"},"entity_is_weak_reference":false,"length":22,"offset":2195},{"entity":{"__typename":"ExternalUrl","__isEntity":"ExternalUrl","url":"https://www.facebook.com/whitehat/fbdl/runs/","external_url":"https://www.facebook.com/whitehat/fbdl/runs/","__isWebLinkable":"ExternalUrl","web_link":{"__typename":"ExternalWebLink","url":"https://www.facebook.com/whitehat/fbdl/runs/","fbclid":null,"lynx_mode":"ASYNCLAZY"},"mobileUrl":"https://www.facebook.com/whitehat/fbdl/runs/","__isNode":"ExternalUrl","id":"NjQyMTgzOTU5MjA4MTA3Omh0dHBzXGEvL3d3dy5mYWNlYm9vay5jb20vd2hpdGVoYXQvZmJkbC9ydW5zLzo6Ojo6"},"entity_is_weak_reference":false,"length":12,"offset":2231},{"entity":{"__typename":"ExternalUrl","__isEntity":"ExternalUrl","url":"https://l.facebook.com/l.php?u=https\u00253A\u00252F\u00252Fbugbounty.meta.com\u00252Fterms&h=AT2CRC9wO2S9osBn4nHbShxMOBpw6OJoElFBpTwAo2Pwk6221d69Lez5pHkouhTy9cElYL_1ROQbhcakq3xN1-CbKeL_hiUCZzYsis2Bh6iMyKgBVRR4ncEDLRfuLTXfxrcDBiCO14gpxLire2NJCu3nCg&s=1","external_url":"https://l.facebook.com/l.php?u=https\u00253A\u00252F\u00252Fbugbounty.meta.com\u00252Fterms&h=AT3GHENeN-tGS_wxW69W2_aIWLyQiK72woiAQ3xWZj_RpiBsYGnjBY3Atd1YY3uXam9C4QhAnB1Z8EFcbUnKsMEiANnhoC3te24HI4ree--2L4Hrxu0VqBG2E2fXaTMKa6LFOQ8KvbuxDc-m2z1TiQEFIAo","__isWebLinkable":"ExternalUrl","web_link":{"__typename":"ExternalWebLink","url":"https://l.facebook.com/l.php?u=https\u00253A\u00252F\u00252Fbugbounty.meta.com\u00252Fterms&h=AT3GHENeN-tGS_wxW69W2_aIWLyQiK72woiAQ3xWZj_RpiBsYGnjBY3Atd1YY3uXam9C4QhAnB1Z8EFcbUnKsMEiANnhoC3te24HI4ree--2L4Hrxu0VqBG2E2fXaTMKa6LFOQ8KvbuxDc-m2z1TiQEFIAo","fbclid":null,"lynx_mode":"ASYNCLAZY"},"mobileUrl":"https://lm.facebook.com/l.php?u=https\u00253A\u00252F\u00252Fbugbounty.meta.com\u00252Fterms&h=AT0jeH8k4J8d9_MZkZOR89WntqKVd02CSZaFhN9KZlvpwoTmizQsI9jyy8VQbFu6v-DF_eiAM7DIIvbaX0h15WqSHYWGruOhRl6H7Kerkj_REwjfKoWF_dPGjp9ThKqVfVLInIWxppgd8oaanS_9jdXVSQ&s=1","__isNode":"ExternalUrl","id":"NjQyMTgzOTU5MjA4MTA3Omh0dHBzXGEvL2wuZmFjZWJvb2suY29tL2wucGhwP3U9aHR0cHMlM0ElMkYlMkZidWdib3VudHkubWV0YS5jb20lMkZ0ZXJtcyZoPUFUM0dIRU5lTi10R1NcYnd4VzY5VzJcYmFJV0x5UWlLNzJ3b2lBUTN4V1pqXGJScGlCc1lHbmpCWTNBdGQxWVkzdVhhbTlDNFFoQW5CMVo4RUZjYlVuS3NNRWlBTm5ob0MzdGUyNEhJNHJlZS0tMkw0SHJ4dTBWcUJHMkUyZlhhVE1LYTZMRk9ROEt2YnV4RGMtbTJ6MVRpUUVGSUFvOjo6Ojo="},"entity_is_weak_reference":false,"length":24,"offset":4069},{"entity":{"__typename":"ExternalUrl","__isEntity":"ExternalUrl","url":"mailto:bugbounty\u0040meta.com","external_url":"mailto:bugbounty\u0040meta.com","__isWebLinkable":"ExternalUrl","web_link":{"__typename":"ExternalWebLink","url":"mailto:bugbounty\u0040meta.com","fbclid":null,"lynx_mode":"ASYNCLAZY"},"mobileUrl":"mailto:bugbounty\u0040meta.com","__isNode":"ExternalUrl","id":"NjQyMTgzOTU5MjA4MTA3Om1haWx0b1xhYnVnYm91bnR5QG1ldGEuY29tOjo6Ojo="},"entity_is_weak_reference":false,"length":18,"offset":4256}],"color_ranges":[],"text":"Introduction FBDL is a tool designed to help you quickly and efficiently setup security bug reproduction steps using a standard \u201cbug\u201d description language. FBDL is a solution to the long standing challenge of reproducing the scenarios needed to demonstrate security issues. The content provided here is intended to help researchers better understand FBDL\u2019s features, how it works, and how to use it to their advantage when submitting bugs. Why do we need a Bug Description Language? There is a lot of time spent between you (Meta Bug Bounty researchers) and internal Security teams during the bug reproduction process. We have found that a lot of time was spent going back and forth to try and understand the context and setup of the bugs. This is why we created the FBDL tool. With FBDL, we now have a unified and consistent language to make reproducing the setup needed to demonstrate a bug as easy as a click (e.g.: click \"Submit\" from within the tool). After a bug is verified, we work with our product teams to fix it. Once the fix is ready, we then need to verify that the bug is properly patched. The FBDL tool helps at this point as well, as it will ensure the same procedure is followed through the bug\u2019s life cycle. The FBDL tool will limit the amount of back and forth over the Bug Bounty portal/email, saving you time to work on finding additional bugs. Faster time to triage that is inclusive of reproduction often results in faster pay out times. FDBL Bonus To encourage the use of FBDL, we are offering a 20\u0025 bonus up to $500 for eligible bug reports that include a useful FBDL script. For example: A report awarded $500 (USD) that included a useful FBDL script for the reproduction, will receive a $50 FBDL bonus on top of other bonuses and main reward amount.A report awarded $2500 that included a useful FBDL script for the reproduction, will receive $500 FBDL bonus This bonus is designed to reward researchers who help streamline the reproduction and validation process by providing clear, actionable FBDL scripts with their submissions. To be eligible for the FBDL bonus, you must: Link the complete FBDL run to use with your bug bounty report, you can do that from the bug bounty report form, or from the FBDL tool UI. Draft FBDL scripts or failed runs that were not successfully used for bug reproduction will be ignored.The linked FBDL run must be useful for the reproduction of your report. If for some reason the reported vulnerability doesn\u2019t reproduce with the FBDL assets in your run, you will not be eligible for this bonus.Your linked FBDL run must automate as much as it can the reproduction process. For example, if a vulnerability reproduction can be automated up to 50\u0025 with current FBDL features and capabilities, but you provided a FBDL run that only automates the first 10\u0025 of the reproduction steps, you will not be eligible for this bonus.We are aware that FBDL features and capabilities cannot reproduce 100\u0025 of all vulnerabilities, what matters is that you use it as much as possible in the reproduction process, some vulnerabilities may be automatically reproducible only at 10\u0025 with FBDL and some others 90\u0025, in both cases, as long as you use FBDL as much as you can you will receive the bonus.FBDL Eligibility: How to get access to FBDL? Access to FBDL is granted to researchers that we consider an active member of our community. Therefore who meet any of the following criteria in the last year timeframe: Recent Valid Submission: You have submitted a valid bug.Private Bounty Program Participation: You were invited to and participated in a private bounty program.Live Hacking Event Participation: You were invited to and participated in a live hacking event.Bonus Coupon Redemption: You have redeemed a bonus coupon distributed during our engagements. If you meet any of these criteria, you will automatically be granted access to FBDL. Note that we reserve the right to revoke any FBDL access at any time, for example in case of misuse of the FBDL tool, or bad behaviors. FBDL usage guidelines Meta program terms (bugbounty.meta.com/terms) apply to the usage of FBDL, additionally: Request Support or Features: Use the dedicated support channels (preferably our community slack channel, alternatively bugbounty\u0040meta.com) to ask questions or suggest improvements to FBDL.Focus on Utility: The most valuable FBDL scripts are those that genuinely help reproduce the vulnerability and can be used by others without modification.Do not use FBDL for other purposes than security testing.Do not attempt to use FBDL assets to interact with other users or assets. FBDL is designed to block those interactions, however, like you must use users and assets that you control to reproduce vulnerabilities, you must do that also with FBDL created assets.Do not actively test against the FBDL tool itself, this can potentially disrupt how the tool operates for you and other users. However, if you notice an issue or a bug with FBDL, please report it via dedicated support channels.Run Limitations There is a limit to the number of active FBDL runs that you can have. Once you have reached this limit, you must archive or delete a run before you can create a new one. Currently this limit is 50 runs, this limit may change in the future. "}},"extensions":{"is_final":true}}