Skip to main content

Facebook pays bug hunters $40,000 in less than a month

unlock facebookExactly a month ago, Facebook launched a scheme that offered payments to bug hunters who reported flaws in the site’s security system.

On Monday, the social networking giant announced that in the space of just three weeks the bug bounty program has paid out over $40,000 to people who’ve helped identify problems, with one particular bug spotter pocketing over $7,000 for reporting six different issues. Another expert picked up $5,000 for a single report.

Related Videos

In a blog post on Monday, Facebook’s chief security officer, Joe Sullivan, wrote about the success of the bug bounty program. “It has been amazing to see how independent security talent around the world has mobilized to help. The program has also been great because it has made our site more secure–by surfacing issues large and small, introducing us to novel attack vectors, and helping us improve lots of corners in our code,” he wrote.

Sullivan was also keen to clarify the terms of the program, saying, “Some stories said that the maximum payment would be $500, when in fact that is the minimum amount we will pay. In fact, we’ve already paid a $5,000 bounty for one really good report. On the other end of the spectrum, we’ve had to deal with bogus reports from people who were just looking for publicity.”

Of the independent security experts involved in the bug bounty program, Sullivan said some had requested Facebook extend it to third-party applications and programs. Sullivan says in response: “Unfortunately, that’s just not practical because of the hundreds of thousands of independent Internet services implicated, but we do care deeply about security on the Platform.” Indeed, considering the amount of third-party software involved, such a bug-spotting scheme would probably bankrupt the social networking site within days.

He continued: ”We have a dedicated Platform Operations team that scrutinizes these partners and we frequently audit their security and privacy practices. Additionally, we have built a number of backend tools that help automatically detect and disable spammy or malicious applications.”

It seems Facebook has come up with a great way to tap into the skills of the security research community to help make the site more secure. Sullivan certainly values the contributions from the independent experts, closing his blog post with the words: “Facebook truly does have the world’s best neighborhood watch program, and [the bug bounty] program has proven that yet again for us.”

Editors' Recommendations

Your Windows 11 screenshots may not be as private as you thought
Person sitting and using an HP computer with Windows 11.

When you capture a screenshot and crop out sensitive information, it's still possible to recover a portion of the image that was supposedly removed in some circumstances.

This isn't the first time redacted documents have turned out to have left hidden data intact and readable with the right tools and knowledge. A recent bug in Google's Markup tool for the Pixel phone, humorously dubbed the "Acropalypse," shows this issue might be surprisingly common.

Read more
Best VPN services 2023: today’s top picks
best VPN services

People around the world use the internet for everything today, including work, education, shopping, socializing, and managing finances. It goes without saying, then, that ensuring your online privacy is more pressing than ever. Even if you lack technical skills, there's an affordable and easy security solution: a virtual private network, better known as a VPN. By using a good VPN, you can protect your devices and hide your online activities from cyber-criminals, network snoops, online busybodies, institutional censors, and other unwanted pests. But with so many options available, it can be challenging to choose the right VPN for your needs and budget. To help you make an informed decision and maybe even save you some money, we've curated a comprehensive list of the best VPN services complete with details on their pricing, features, and more.
Best VPN 2023

Hotspot Shield
Private Internet Access
Kaspersky VPN

Read more
Adobe Firefly brings text-to-image AI to the masses, with artist ethics in mind
AI-generated imagery in Nvidia's press photo for AI Foundations.

Adobe Firefly was announced today by Adobe, as the company attempts to capitalize on the surge in interest in generative AI. The text-to-image model is only in beta, but will be coming first to Adobe Express, the company's simplest and most user-friendly application.

The set of tools will function a lot like many of the other popular text-to-image models, such as Stable Diffusion or Midjourney. The difference here, however, is that Firefly is built from the ground up by Adobe to be used within its creative applications. That means Firefly will be both highly accessible to beginners and include important ethical considerations for artists.

Read more