Facebook’s bug bounty program has given more than $1M to researchers in 51 countries


Facebook has tapped into the power of crowdsourcing to make the site a safer place, rewarding researchers who help it toward that end.

The social network shelled out more than $1 million over the past couple of years to 329 people in 51 countries who reported security problems with the site. The youngest was 13 years old. A couple of those researchers went on to work for the tech giant’s security branch.

The Bug Bounty program was launched in 2011 to reward people who report issues to the site and make it a safer place to hang out online, Facebook Security Engineer Collin Greene says in a note posted to the site’s security blog:

So far the program has been even more successful than we’d anticipated. We’ve paid out more than $1 million in bounties, and have collaborated with researchers from all around the world to stamp out bugs in our products and in our infrastructure.

One-fifth of that went to folks in the United States, the highest percentage for a single country. Nations with the most bounty recipients, in order, are:

  • United States
  • India
  • United Kingdom
  • Turkey
  • Germany

Countries with the fastest-growing number of awardees are, in order:

  • United States
  • India
  • Turkey
  • Israel
  • Canada
  • Germany
  • Pakistan, Egypt
  • Brazil
  • Sweden
  • Russia

The single largest reward to date has been $20,000, though there’s no official cap on the bounty size, Greene says. Some researchers earned several bounties, raking in six-figure totals.

This early progress is really encouraging, in no small part because programs like these can have a significant impact on our ability to keep Facebook secure. After all, no matter how much we invest in security – and we invest a lot – we’ll never have all the world’s smartest people on our team and we’ll never be able to think of all the different ways a system as complex as ours might be vulnerable.

Determining a bounty

As the program matures, the company wants to get the word out about how it decides how much to reward a person for their freelance security consulting. Greene says Facebook considers four factors:

  • Impact: Would the glitch let someone hack into private Facebook info? Delete it? Change it? Can it run JavaScript on the site? The more users it affects, the higher the danger and higher the impact … thus the higher reward.
  • Quality of communication: How much detail can you offer? Got any instructions to share on how to re-enact the problem? Can you send easy-to-get instructions, proof and screenshots?
  • Target: Bugs reported about Facebook, Instagram, HHVM and mobile apps are high-value targets, Greene says. And again, the higher the value, the higher the bounty.
  • Secondary damage: If your bug leads to more bugs, it also leads to bigger cash rewards.

Want to become a Bug Bounty hunter?

Click here to find out how.
