Facebook Flips $40,000 at Bug Hunters in Just Three Weeks

Posted 08/30/2011 at 6:54am | by Paul Lilly

2

Comments

Print

You might recall that Facebook launched a security bug bounty a few weeks back in which the social networking service promised to "pay for undiscovered security bugs that are responsibly disclosed to us." The social service wasn't just paying lip service, and in fact has shelled out more than $40,000 since launching the program three weeks ago.

Facebook didn't say how many bugs were discovered, but did reveal the program's been especially lucrative for one unnamed bug hunter in particular who's raked in over $7000 for flagging six different issues. The way it works is anyone is free to sign up at Facebook's whitehat security page and begin submitting bug reports.

"Because bug reports are often complicated and can involve complex legal issues, we chose our words carefully when announcing the program. Perhaps because of this, there have been several inaccurate reports about how the program works," Facebook explains. "For example, some stories said that the maximum payment would be $500, when in fact that is the minimum amount we will pay. In fact, we’ve already paid a $5,000 bounty for one really good report. On the other end of the spectrum, we’ve had to deal with bogus reports from people who were just looking for publicity. "

The bug bounty program covers Facebook but doesn't cast an umbrella over the various third-party applications that plug into the social networking service.