On the fifth anniversary of Facebook's Bug Bounty Program, the social networking giant revealed that it has paid out $5 million in rewards to more than 900 security researchers so far. This definitely makes me question how many bugs Facebook has ever had.
With more than a million people using the networking platform at the same time, Facebook's vulnerability increases manifold compared to the effort put into securing the platform. This explains the creation of the Bug Bounty Program, which in turn enlisted the help of hundreds of developers around the globe to protect Facebook from cyber-attacks.
Joey Tyson, a company security engineer, wrote in a blog post, “Launching and running a program of this size for five years is not easy — and we couldn’t have done it without the support of the broader security research community. In fact, we discovered many of the people now on our team through the community of researchers submitting reports.”
Facebook received more than 9,000 reports with most of the payouts going to researchers in India, the U.S., and Mexico — in total, $611,741 was given to 149 researchers.
In 2014, Facebook said it had paid out more than $3 million, with $1.3 million given out to 321 researchers.
Facebook is also planning improvements to the program that include adding detail to award notifications for the bounty program. Tyson also said that the company will provide educational resources “on security fundamentals and topics specific to our products.”
Other Goliaths of the tech market, Google and Apple, also run such programs. Google's, the oldest, has paid out more than $6 million in the past 6 years. Apple can be considered the new entrant, as the company launched its bug bounty program only this year.