PRIVACY-SHREDDING SOCIAL NETWORK Facebook has revealed that it paid out over $40,000 in three weeks as part of its bug bounty programme.
Facebook followed the lead of Google, Mozilla, Microsoft, HP and many others in offering hackers, er, software researchers money for finding bugs in its software and bringing them to its attention. In just three weeks Facebook has paid out over $40,000 with one researcher getting $7,000 for flagging six different issues.
Joe Sullivan, chief security officer at Facebook, said, “The program has also been great because it has made our site more secure – by surfacing issues large and small, introducing us to novel attack vectors, and helping us improve lots of corners in our code.”
Sullivan said that the minimum researchers can expect to be paid is $500, with one particularly tasty bug netting a researcher a cool $5,000. Curiously, Sullivan also said that some people filed bogus reports trying to get publicity.
Paying security researchers to find holes in software has become an extremely popular way of engaging the community and fixing software. It is also considerably cheaper for companies such as Facebook and Google to pay freelancers rather than having full time staff on their books.
In Facebook’s case one hopes that its own in-house security researchers and its bunch of bounty hunters are enough to safeguard its subscribers’ data. After all, Facebook can’t charge marketers for data that has been lifted due to a security vulnerability.