Facebook said it has paid over $1 million in the past two years to security researchers as part of its Bug Bounty Program. Security researchers in India received the second biggest payout after the US.
The social networking giant had collaborated with researchers in 51 countries to detect and get rid of bugs in various products and infrastructure.
According to figures released in early May, Facebook has over 78 million users in India. The blog post from Facebook also mentions that India comes second in the list of countries with the fastest-growing number of recipients of its Bug Bounty Program. The US tops the list, with Turkey, Israel, Canada, Germany, Pakistan, Egypt, Brazil, Sweden, and Russia making up the other countries in the top 10.
Facebook says that it has paid a total of 329 people so far, from a variety of backgrounds, including professional researchers and part-timers. The youngest recipient was only 13 years old.
The US also topped the list of the countries with the highest payout, although it received only 20% of the $1 million paid out so far. The largest bounty paid out so far has been $20,000. Apart from India and the US, the other countries in the top 5 are the UK, Turkey, and Germany.
Facebook has also said that some individual researchers have already earned more than $100,000 after reporting multiple bugs.
Collin Greene, a security engineer, explained the reasoning behind the Bug Bounty Program in a statement on the Facebook blog:
“This early progress is really encouraging; in no small part because programs like these can have a significant impact on our ability to keep Facebook secure. After all, no matter how much we invest in security — and we invest a lot — we’ll never have all the world’s smartest people on our team and we’ll never be able to think of all the different ways a system as complex as ours might be vulnerable.”
Facebook also mentioned that 2 recipients have since taken full-time jobs with the Facebook security team.
In one of the biggest revelations of the success of the White Hat program, a program in which Facebook collaborates with external security researchers, Facebook said it had received a report regarding a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them.
Facebook, while offering a detailed explanation, said that it had no reports that the above bug had been used maliciously and that it had notified affected users. It also said that it had paid out a big bounty to the person who reported the bug.