Facebook paid $1.3 million to 321 hackers worldwide last year who helped spot security flaws in the social network's software.
"Every year we are surprised by what we learn from the security
community, and 2014 was no exception," Collin Greene, Facebook's
security engineer, wrote in a blog post Wednesday morning.
Started in 2011, Facebook's "bug bounty" program awards money to people who report security gaps to the company.
There were 17,011 reports submitted to Facebook's bug bounty program in
2014, an increase of 16 percent compared to 2013. There were also more
severe security gaps reported to the social network last year, according
to the blog post.
That includes flaws that would allow hackers to upload content in
Facebook's and Instagram servers, view a user's private messages and
post on their timelines.
Researchers in India reported the highest number of bugs followed by
Egypt, the United States, the United Kingdom and the Philippines.
The average payout in the United States was $2,470, and 61 bugs were reported. Worldwide, the average payout was $1,788.
The minimum award from Facebook for spotting a security bug is $500 and there is no limit on how high an award can go.
The largest bounty in 2014 was $30,000, which was paid to someone in
Lithuania, according to Facebook. Since Facebook started its bug bounty
program in 2011, the social network has paid out more than $3 million.
The program continues to grow. There have already been more than 100
reports of security flaws submitted to the social network this year.
Other companies such as Google and Yahoo also have bug bounty programs.
But a 2014 report by the RAND corporation also noted that the black
market for consumer data is growing and can be more profitable than the
illegal drug trade.
No comments:
Post a Comment