
Over the last five years, 900 security flaws have been found in Facebook's platforms and quietly disclosed under its bug bounty program.

Provided that the flaws are not already public or used in attacks against users, the social media giant runs a smooth bounty program and appears to pay generously. One security engineer, Joey Tyson, claims that the average pay-out is US$5,556, with about 900 researchers all receiving a payment.

Payments have already reached US$611,741 in H1 of 2016, made to 149 researchers with an average pay-out of US$4,106. Facebook has even implemented automated payments and allowed bounties to be paid in bitcoin.

One of its higher payments went to Bangalore-based hacker Anand Prakash, who was paid US$15,000 for reporting a global account hijacking hole back in March.

Most of the bug bounty hunters are based in India, followed by the United States and Mexico. Tyson says that Facebook “couldn’t have done it without the support of the broader security research community”. He then went on to say that it has helped them “strengthen many aspects of our program, and we heard from researchers that they appreciate our rewards, triaging, and quick fixes”.

Facebook says it will continue its bug bounty program to make such programs popular and satisfy its researchers.