Facebook's Bounty Program Has Paid Out $4.3 Million
Posted by: Timothy Weaver on 02/11/2016 11:35 AM
According to the company, 5,543 researchers from 127 countries submitted more than 13,000 vulnerability reports last year. Of those, 526 reports from 210 researchers qualified for a reward, for a total of $936,000 paid out and an average of $1,780 per rewarded report.
The largest numbers of reports came from India, Egypt, and Trinidad and Tobago. The total paid in 2015 was down from the $1.3 million paid out the previous year, but the number of submissions classified as "high impact" rose by 38 percent.
Reginaldo Silva, security engineer at Facebook, explained: “The best reports come from researchers who prioritize a few important issues instead of submitting a large number of reports about various low-impact bugs.”
“Another important part of the program's success stems from the trust between Facebook and the researcher community, so we invest a lot in those relationships,” Silva said. “We carefully investigate and respond to every submission, and are committed to doing so as promptly as possible, typically within a few days. We reward valid security issues based on several considerations and it's not uncommon for researchers to tell us that the bounty they received is higher than they expected.”
Although most bounty hunters are pleased with the program, some researchers have quarreled with the company over whether a flaw was eligible for a reward and over how their vulnerability reports were handled.
Source: Security Week
