https://techcrunch.com/2020/09/03/facebook-vulnerable-code/

Facebook has announced a policy change that will see the company notify third-party developers if it finds a security vulnerability in their code.

Facebook said it “may occasionally find” critical bugs and vulnerabilities in third-party code and systems, in a blog post announcing the change. “When that happens, our priority is to see these issues promptly fixed, while making sure that people impacted are informed so that they can protect themselves by deploying a patch or updating their systems.”