Facebook Pays Out $40K during First Month of Bounty Program
At the start of the month we were reporting that popular social networking site Facebook decided to implement a bug bounty program, similar to the ones Google and Mozilla have. As part of the bounty program, security researchers who uncover security vulnerabilities and report them to Facebook, can earn upwards of $500 – it all depends on the severity of the vulnerability the security researcher uncovers.
Facebook explained at the time that it will pay for vulnerabilities that could compromise either the integrity or privacy of Facebook user data, like cross-site scripting (XSS), cross-site request forgery (CSRF) or remote code injection. $500 is the base rate paid for vulnerabilities; the amount goes up for “truly significant” security holes, as Facebook put it.
That takes care of the introduction; now that everyone’s on board, let’s move on to the real topic of this article. The news is that in few weeks since the implementation of the bug bounty program, Facebook has paid out more than $40,000 to security researchers.
I mentioned above that the base rate Facebook pays out is $500, but that amount can go up depending on the severity of the vulnerability. Facebook’s Chief Security Officer Joe Sullivan said that out of the $40K paid out to security researchers, $7,000 went to a researcher who uncovered and reported six vulnerabilities. Another $5,000 went to a researcher who reported a “really good” vulnerability, added Sullivan.
The point here is that security researchers could make a lot of money if they find a serious vulnerability. “Because bug reports are often complicated and can involve complex legal issues, we chose our words carefully when announcing the program. Perhaps because of this, there have been several inaccurate reports about how the program works. For example, some stories said that the maximum payment would be $500, when in fact that is the minimum amount we will pay,” said Sullivan.
Security researchers who have knowledge of a vulnerability and would like to report it to Facebook, need to visit this webpage.
Tags: acebook, Security, Money
Facebook explained at the time that it will pay for vulnerabilities that could compromise either the integrity or privacy of Facebook user data, like cross-site scripting (XSS), cross-site request forgery (CSRF) or remote code injection. $500 is the base rate paid for vulnerabilities; the amount goes up for “truly significant” security holes, as Facebook put it.
Advertising
That takes care of the introduction; now that everyone’s on board, let’s move on to the real topic of this article. The news is that in few weeks since the implementation of the bug bounty program, Facebook has paid out more than $40,000 to security researchers.
I mentioned above that the base rate Facebook pays out is $500, but that amount can go up depending on the severity of the vulnerability. Facebook’s Chief Security Officer Joe Sullivan said that out of the $40K paid out to security researchers, $7,000 went to a researcher who uncovered and reported six vulnerabilities. Another $5,000 went to a researcher who reported a “really good” vulnerability, added Sullivan.
The point here is that security researchers could make a lot of money if they find a serious vulnerability. “Because bug reports are often complicated and can involve complex legal issues, we chose our words carefully when announcing the program. Perhaps because of this, there have been several inaccurate reports about how the program works. For example, some stories said that the maximum payment would be $500, when in fact that is the minimum amount we will pay,” said Sullivan.
Security researchers who have knowledge of a vulnerability and would like to report it to Facebook, need to visit this webpage.
Tags: acebook, Security, Money
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 May 2012
Mozilla introduced a new program meant to educate millions of people, the Mozilla Webmaker program.
By George Norman on 26 May 2012
Piriform updated its products, making CCleaner less annoying and Defraggler a lot faster.Related News
By George Norman on 05 Jan 2012
This is proof that there are a lot of threats on the web and the perfect example of why you should use a properly good security solution to secure your data against viruses and other malware
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.
By George Norman on 15 Feb 2012
Security oriented people who don’t want to take the risk that someone is snooping on their web traffic will remember that back in March 2011 Twitter announced that it added a setting that
By George Norman on 20 Feb 2012
After announcing that it turned on HTTPS for everyone, the team behind the popular micro-blogging and social networking site announced that the new Twitter.com website is now available to everyone.Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Facebook Pays Out $40K during First Month of Bounty Program
HTML Linking Code
HTML Linking Code