Fb's bug bounty program is near its 10th birthday
Facebook's bug bounty program is approaching its 10th birthday. According to the social network, over 50,000 researchers have joined the program since its debut in July 2011. Around 1,500 of them from 107 countries receive bounties.
Dan Gurfinkel, Manager for Safety Technology, shared some highlights in a blog post this week:
- As of 2011, Facebook has received more than 130,000 reports, of which over 6,900 have received bounties.
- So far this year, we've awarded over $ 1.98 million to researchers from more than 50 countries.
- Facebook received around 17,000 reports so far in 2020, with over 1,000 bounties issued.
- For the third time in a row, the company awarded the highest bug bounty payout to date.
- The three countries based on the bounties awarded this year are India, Tunisia and the United States.
Gurfinkel added that when the program started in 2011, the focus of the program was on the Facebook website and now covers all of the company's web and mobile clients in its family of applications, including Oculus and Workplace From Facebook.
The three main areas are:
- Innovative ways of controlling and promoting security research in emerging risk areas, e.g. B. Misuse of Facebook data by app developers or security gaps in third-party apps and websites.
- Creating tools for the research community that will make it easier and more rewarding to search for bugs on Facebook.
- Creation of collaboration and networking opportunities at live hacking events and Facebook's BountyCon conference.
Gurfinkel wrote, “When we receive a valid report that needs correction, we not only look at the report submitted, but also at the underlying code area to better understand the problem. Sometimes this proactive investigation leads us to discover improvements to better protect people's security and privacy. "