Facebook Pays Out $40K during First Month of Bounty Program
Article by George Norman
On 31 Aug 2011
At the start of the month we reported that popular social networking site Facebook had decided to implement a bug bounty program, similar to the ones Google and Mozilla have. As part of the bounty program, security researchers who uncover security vulnerabilities and report them to Facebook can earn upwards of $500 – it all depends on the severity of the vulnerability the security researcher uncovers.

Facebook explained at the time that it will pay for vulnerabilities that could compromise either the integrity or privacy of Facebook user data, like cross-site scripting (XSS), cross-site request forgery (CSRF) or remote code injection. $500 is the base rate paid for vulnerabilities; the amount goes up for “truly significant” security holes, as Facebook put it.


That takes care of the introduction; now that everyone’s on board, let’s move on to the real topic of this article. The news is that in the few weeks since the implementation of the bug bounty program, Facebook has paid out more than $40,000 to security researchers.

I mentioned above that the base rate Facebook pays out is $500, but that amount can go up depending on the severity of the vulnerability. Facebook’s Chief Security Officer Joe Sullivan said that out of the $40K paid out to security researchers, $7,000 went to a researcher who uncovered and reported six vulnerabilities. Another $5,000 went to a researcher who reported a “really good” vulnerability, added Sullivan.

The point here is that security researchers could make a lot of money if they find a serious vulnerability. “Because bug reports are often complicated and can involve complex legal issues, we chose our words carefully when announcing the program. Perhaps because of this, there have been several inaccurate reports about how the program works. For example, some stories said that the maximum payment would be $500, when in fact that is the minimum amount we will pay,” said Sullivan.

Security researchers who have knowledge of a vulnerability and would like to report it to Facebook need to visit this webpage.

Tags: Facebook, Security, Money
About the author: George Norman
George is a news editor.