In 2015, Facebook received more than 100 valid bug and vulnerability reports from researchers all over the world. Its bounty program also pays those who submit valid reports.
Last year, in 2014, Facebook paid $1.3 million in rewards for valid vulnerability and bug reports. The bug submission rate increased by 16%, while the total number of reports received for glitches was 17,011. These reports cover the social networking platform and other related services under the company umbrella.
Out of these 17,011 reports, 61 were found to be very sensitive vulnerabilities of high severity. Facebook developers fixed these problems on a priority basis. This number is about 50% more than in 2013.
Overall, Facebook has paid 1.3 million dollars for security notifications through its bounty program. This amount is paid only to external researchers who have pointed out bugs and security holes. It might be interesting to know that almost half of this amount was paid in 2011, the year Facebook started its reward program.
Top 3 Contributors in 2014
The top 3 countries that contributed to Facebook's bug and security notification programs are listed below:
- India (196 vulnerability reports, reward $1,343)
- Egypt (81 reports, reward $1,220)
- US (61 vulnerability reports, reward $2,470)
The company, however, did not explicitly disclose any information about the highest reward paid last year. But it indicated that the top five earners were given $256,750 collectively. That could be a fair amount for researchers.
The top vulnerability reports submitted to Facebook in 2014 involved various faulty and hidden parameters that could compromise system and data security. Some of these vulnerabilities were found to be serious enough to circumvent the system and expose the company to unbearable loss.
Facebook's reward program has mutual benefits for both the company and researchers. The company enjoys a huge benefit in public loyalty and was able to save itself from painful crashes and losses that could have almost broken down the network, while researchers were rewarded with money and goodwill.
Have you ever found a vulnerability or bug for an entity like Facebook or any other? Or do you know anyone who has done such an interesting job? Please share your ideas and feelings about such reward programs.