Facebook’s Bug Bounty program, which rewards ethical hackers for exposing the platform’s vulnerabilities, received the highest number of winning submissions from Indians. But the average winning amount was higher for American digital hunters.
Facebook has released data about its Bug Bounty Program. The report confirms that Indian bounty hunters found the largest number of bugs on Facebook, taking home an average reward of over $1,300 per successfully proven bug, glitch or security loophole. Indian participants in the bug bounty program managed to unearth an astonishing 136 valid bugs on Facebook, reported Rediff.
Participants from the USA reported a total of 92 issues. Though that number is lower than what Indians managed to find, the nature of the bug is also considered when deciding the payout, and clearly the bugs found by Americans carried more weight. Hence these participants managed to earn an average of US$ 2,272, more than double what Indians made. Brazil and the UK were third and fourth by volume, with 53 bugs and 40 bugs respectively, and average rewards of US$ 3,792 and US$ 2,950.
Facebook’s Bug Bounty program, launched a little more than two years ago, was an attempt to encourage ethical whitehat hackers to dive deep into Facebook’s code and discover security vulnerabilities or plain errors. The program asked these skilled individuals to chronicle their findings, and one of the most important aspects of a report was repeatability. Over the years, multiple critical flaws have been discovered and either remedied or patched. In the absence of the Bug Bounty program, Facebook would have had to invest a whole lot more in finding the bugs itself.
This year’s highest-grossing entry was from Brazilian bug hunter Reginaldo Silva, who earned a handsome reward of US$ 33,500, reports the Wall Street Journal. He managed to find and expose a way of reading files from a Facebook web server using a Remote Code Execution technique.
The year 2013 has been the busiest for Facebook, as it received 14,763 submissions. Compared with a year earlier, this is a jump of 246%. Facebook, though, was quite stringent and accepted only 687 as valid entries. About 6% of these flaws were categorized as ‘highly severe’ and the company managed to implement a fix within 6 hours flat. To get a clearer idea of why 2013 was the most important year to date, consider the fact that ever since Facebook started the Bug Bounty, it has paid out US$ 2 million as rewards. But about US$ 1.5 million was paid in 2013 itself.