
Facebook Awards $5m As Bug Bounty Scheme Turns Five

Facebook said it has awarded more than $5 million (£4m) through its bug bounty programme since the scheme launched five years ago.

The programme, similar to those operated by Microsoft, Google, HP and others, is intended to encourage researchers to independently track down bugs before they are found by attackers.

WhatsApp added

Since its foundation in October 2011, the programme has paid out around $1 million a year for bugs found in Facebook, as well as in other company properties including Instagram, Oculus Rift and Free Basics. This year Facebook added WhatsApp to the programme.

After paying out $1.5 million in 2013 and $1.3 million in 2014, Facebook awarded $936,000 to researchers last year.

But the figures so far for this year suggest a higher total, with $611,741 paid to 149 researchers out of a total of 9,000 reports.

In all more than 900 researchers have been paid over the five-year period, with most coming from India, followed by the US and Mexico.

In March Facebook paid researcher Anand Prakash $15,000 for spotting a bug that could have allowed anyone to hijack any Facebook account via a missing password security feature on a beta-testing site.

‘Real risk’

Facebook said it has added information on how specific bounties were calculated to its notifications, saying it calculates the rate based on “real (rather than perceived) risk”.

The programme has expanded this year to include Bitcoin payments, and payments have been automated to speed up the process, Joey Tyson, a security engineer on the Facebook Bug Bounty team, said in a blog post.

The programme has been part of a wider industry trend and Tyson said Facebook has had broad support from IT security professionals.

“In fact, we discovered many of the people now on our team through the community of researchers submitting reports,” he wrote.

This year Apple and security firm Kaspersky Lab launched bug bounty schemes, as did porn site Pornhub.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
