Facebook Pays Out $40,000 in Bug Bounties in First Month

Just a month into its cash-for-bugs program, social networking giant Facebook doled out some $40,000 in bounties to researchers from 16 countries, according to a company statement.

Just a month into its cash-for-bugs program, social networking giant Facebook doled out some $40,000 in bounties to researchers from 16 countries, according to a company statement.

Joe Sullivan, Facebook’s Chief Security Officer, authored a column on Facebook’s security page yesterday heralding the success of the new program as an overall security improvement on the world’s largest social network. The bounties include $7,000 to one researcher who disclosed six separate bugs.

Facebook followed the lead of companies like Google, Mozilla and a gaggle of vulnerability detection firms in July: offering cold hard cash for the details of security holes in its Web based social networking service. The company is paying $500 as the minimum bug bounty, with more money coming to more valuable (read: exploitable) vulnerabilities. The company paid out $5,000 to one researcher for a particularly good report. These are drops in the bucket to a company whose eventual IPO, if rumors prove true, may exceed $100 billion.

And, while Facebook has struggled with bogus reports,the company is counting the bounty program as a success. 

The bug bounty program took root a more than a year ago when the company formalized a responsible disclosure policy that allowed researchers to report bugs to the company without fear of reprisal.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.