Silva, Reginaldo, “XXE in OpenID: One Bug to Rule Them All, or How I Found a Remote Code Execution Flaw Affecting Facebook’s Servers”, personal website, January 16, 2014, http://www.ubercomp.com/posts/2014–01–16_facebook_remote_code_execution; “We Recently Awarded Our Biggest Bug Bounty Payout Ever”, Facebook Bug Bounty blog, January 22, 2014, https://www.facebook.com/BugBounty/posts/778897822124446.
