Facebook on Friday published an update on the progress of its four-year-old bug bounty program, revealing that it paid out $1.5 million in bounties last year to take the program’s lifetime payouts beyond $2 million.
Total submissions in 2013, according to the social networking giant, rose 246 percent from the year prior to reach 14,763, the vast majority of which were found to be invalid. The $1.5 million it paid out in 2013 was distributed among 330 researchers around the globe, with the average reward being $2,204. Further, most of the bugs brought to light under the program were “in non-core properties, such as websites operated by companies we've acquired.”
“We're grateful to all the researchers around the world who have taken the time to evaluate our services and report bugs. Researchers in Russia earned the highest amount per report in 2013, receiving an average of $3,961 for 38 bugs,” the company said in a note. “India contributed the largest number of valid bugs at 136, with an average reward of $1,353. The USA reported 92 issues and averaged $2,272 in rewards. Brazil and the UK were third and fourth by volume, with 53 bugs and 40 bugs, respectively, and average rewards of $3,792 and $2,950.”
The company is particularly pleased with its handling of high-severity bugs, having managed to bring “the median fix time for high-severity issues down to just 6 hours.”