Facebook’s bug bounty program has given more than $1M to researchers in 51 countries

Facebook has tapped into the power of crowdsourcing to make the site a safer place, rewarding researchers who help it do so.

The social network shelled out more than $1 million over the past couple years to 329 people in 51 countries who reported security problems with the site. The youngest was 13 years old. A couple of those researchers went on to work for the tech giant’s security branch.

The Bug Bounty program was launched in 2011 to reward people who report issues to the site and make it a safer place to hang out online, Facebook Security Engineer Collin Greene says in a note posted to the site’s security blog:

So far the program has been even more successful than we’d anticipated. We’ve paid out more than $1 million in bounties, and have collaborated with researchers from all around the world to stamp out bugs in our products and in our infrastructure.

One-fifth of that went to folks in the United States, the highest percentage for a single country. Nations with the most bounty recipients, in order, are:

  • United States
  • India
  • United Kingdom
  • Turkey
  • Germany

Countries with the fastest-growing number of awardees are, in order:

  • United States
  • India
  • Turkey
  • Israel
  • Canada
  • Germany
  • Pakistan, Egypt
  • Brazil
  • Sweden
  • Russia

The single largest reward to date has been $20,000, though there’s no official cap on the bounty size, Greene says. Some researchers earned several bounties, raking in six-figure totals.

This early progress is really encouraging, in no small part because programs like these can have a significant impact on our ability to keep Facebook secure. After all, no matter how much we invest in security – and we invest a lot – we’ll never have all the world’s smartest people on our team and we’ll never be able to think of all the different ways a system as complex as ours might be vulnerable.

Determining a bounty

As the program matures, the company wants to get the word out about how it decides how much to reward a person for their freelance security consulting. Greene says Facebook considers four factors:

  • Impact: Would the glitch let someone hack into private Facebook info? Delete it? Change it? Can it run JavaScript on the site? The more users it affects, the higher the danger and higher the impact … thus the higher reward.
  • Quality of communication: How much detail can you offer? Got any instructions to share on how to re-enact the problem? Can you send easy-to-get instructions, proof and screenshots?
  • Target: Bugs reported about Facebook, Instagram, HHVM and mobile apps are high-value targets, Greene says. And again, the higher the value, the higher the bounty.
  • Secondary damage: If your bug leads to more bugs, it also leads to bigger cash rewards.

Want to become a Bug Bounty hunter?

Click here to find out how.

Image courtesy of Shutterstock.

Copyright © 2014 Mediabistro Inc.