The recently introduced Facebook bug bounty program has proved to be a great success, says Joe Sullivan, the company’s chief security officer.
“We know and have relationships with a large number of security experts, but this program has kicked off dialogue with a whole new and ever-expanding set of people across the globe in over 16 countries, from Turkey to Poland, who are passionate about Internet security,” he added. “The program has already paid out more than $40,000 in only three weeks, and one person has already received more than $7,000 for six different issues flagged.”
He also pointed out that $500 was the minimum sum paid for the discovery of a bug, but that one particular report earned its author $5,000. Unfortunately, he didn’t disclose how the Facebook security team rates the discoveries and decides on the payout.
In spite of many requests to include bugs found in third-party applications and websites that can be connected to the users’ Facebook identity, the bug bounty program remains limited only to bugs that could compromise the integrity or privacy of Facebook user data.
Bug bounty programs have previously been instituted by Google and Mozilla. And even though Adobe and Microsoft still decline to take that step, Microsoft has instituted a competition that aims to amply reward security researchers who develop innovative computer security protection technologies.