Today in APIs: Facebook Doubles Bug Bounty for Advertising

Facebook ponies up even more for developers finding bugs. Apple squeezes out more performance with Metal. Plus: Stitch engineers win $1 million Salesforce hackathon, and tips on creating APIs from Netbean's creator.

Facebook Calls for Developers to Find Advertising Bugs

Facebook has announced that it is doubling the bounty it pays for bugs. That may come as a surprise: if any organization has earned the right to decide they can do it all themselves, surely Facebook is big enough to say they need no help, especially when much smaller companies seem intent on going alone. (Did someone say, Snapchat?)

Instead of brash self confidence, what we get from Facebook is a model of humility that others could learn from. As Facebook Security Engineer Collin Greene wrote in a blog post, potentially malicious vulnerabilities have already been identified and fixed:

Starting today and extending through the end of 2014, all Whitehat bugs in our ads code will receive double bounties. We recently completed a comprehensive security audit of this area ourselves. We found and fixed a number of security bugs but would like to encourage additional scrutiny from Whitehats to see what we might have missed. Also, since the vast majority of bug reports we work on with the Whitehat community are focused on the more common parts of Facebook code, we hope to encourage researchers to become more familiar with the surface area of ads to better protect the businesses that use them.

Translation: Even though we work hard at security, we know we are vulnerable, we will pay for your help. The rest of the post has Resource links to learn more about the roles that ads have and enforce, among other issues, all designed to give the bounty hunter the tools needed to saddle up and lead the charge.

Apple Gets its Game on with the Metal API

Apple's new Metal API is designed to make games work faster, smoother, by taking advantage of the chips in its latest hardware offerings. It's a replacement of OpenGL ES in iOS 7. As Curtis Moldrich explains in The Telegraph, Metal is all about taking advantage of Apple's new A8 and A8X chips:

Allowing game designers to get closer to the hardware or “metal” of the device, Apple’s new API allows better CPU and GPU synergy, and boasts draw call rates up to ten times faster than in iOS 7 for faster response times. What’s more, Metal's console-like graphics actually use less system resources, so they’re kinder to your battery life.

That means users have to have the iPad Air 2 or the iPhone 6/6Plus to reap the benefits, the only hardware that uses those chips, at the moment.

API News You Shouldn't Miss

Be sure to read the next Security article: COWL Project Promises to Better Secure JavaScript Applications