Facebook paid white hat hackers more than $600K this year

[Photo: Jimmy Baikovicius/Flickr]

 In the first half of 2016 alone, Facebook’s bug bounty program received 9,000 reports of different bugs in its platform and subsequently paid out $611,741 to program participants.

Wednesday marked the fifth anniversary of the tech giant’s bug bounty program, which rewards freelance hackers and other security researchers for finding software flaws in the social network.

“Launching and running a program of this size for five years is not easy — and we couldn’t have done it without the support of the broader security research community,” Joey Tyson of Facebook’s bug bounty staff wrote in a statement. “We discovered many of the people now on our team through the community of researchers submitting reports.”

Facebook’s bug bounty program was among the first to be instituted in Silicon Valley, with subsequent programs later launched by Twitter, Apple and Amazon. While some bug bounty programs are structured and organized internally, as Facebook has done, others rely on private firms like HackerOne and BugCrowd to recruit white hat hackers, organize their efforts and monitor the boundaries.

In total, dating back to 2011, Facebook has paid out more than $5 million to roughly 900 researchers, the social network announced Wednesday.

Looking forward, Tyson said Facebook will look to improve its bug bounty program by, among other things, sharing the “thinking behind each award” and providing “educational resources on security fundamentals and topics specific to [Facebook] products.”

Bug bounty programs have become popular in recent years because of the low-cost, high-impact solution they offer: they let companies and government agencies find, fix and mitigate the risks associated with faulty code in a way that is both effective and more affordable than buying individual exploits from a vendor. For example, a pilot program used by the Pentagon and conducted by HackerOne attracted 1,400 hackers, found 138 vulnerabilities and cost only $150,000.

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Mary's College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.