The program that rewards researchers for finding bugs, which make the social networking site and other group products including WhatsApp vulnerable to risks, has paid in excess of $5 million to more than 900 researchers worldwide since the start of the program, Facebook said in a blogpost.
“The top three countries based on the number of payouts: India, USA and Mexico,” Joey Tyson, a security engineer at Facebook, said in the blogpost.
“This reflects the technical competence in the country,” said Saket Modi, CEO at cybersecurity solutions provider Lucideus. “We have the highest number of computer science engineers.”
…They are moving beyond the traditional languages such as C++ and Java to cyber security, big data and analysis. So it is very natural that they test their skills on massively popular websites such as Facebook. The more popular a website/software becomes, the more vulnerable it becomes,”
Under the social networking giant’s Bugs Bounty Program, security researchers receive monetary reward for finding bugs that make Facebook or another member of the Facebook family of companies such as Instagram or Whatsapp vulnerable to risks and reporting them responsibly.
The rewards for reported vulnerabilities are given entirely at Facebook’s discretion, based on various factors.
“We determine bounty amounts based on a variety of factors, including (but not limited to) impact, ease of exploitation, and quality of the report. If we pay a bounty, the minimum reward is USD 500. Note that extremely low-risk issues may not qualify for a bounty at all,” according to Facebook.
India is home to Facebook’s second largest user base with 155 million monthly active users and 77 million daily active users.
Mr Tyson said for the first half of the current year i.e January-June, 2016, the company received more than 9,000 reports. “We paid a total of USD 6,11,741 to 149 researchers (in the first half of 2016), bringing our cumulative five-year total to more than USD 5 million paid to more than 900 researchers.
“This year, we’re celebrating the fifth anniversary of the Facebook Bug Bounty program…We are always looking to improve and expand the program. This year, we added WhatsApp to our program, expanded payment options to include Bitcoin, and switched to an automated payment process so we can pay researchers faster,” Mr Tyson said.