The Daily Swig Web security digest

The social network: Facebook’s Bug Bounty program paid out $880,000 in 2017

James Walker | 16 January 2018 at 11:45

India came out on top for the number of valid submissions.

Facebook paid out more than $880,000 to security researchers through its Bug Bounty program last year, bringing the total amount awarded to over $6.3 million.

The social networking site’s white hat program, which celebrated its sixth anniversary in 2017, received more than 12,000 bug submissions last year – 400 of which were determined to be valid reports.

“The average reward per submission increased to almost $1,900, up from $1,675 last year,” said Facebook security engineer Jack Whitton.

“We also saw an increase in new researchers participating – 32% of researchers with a reward in 2017 submitted for the first time this year.”

According to Whitton, India came out on top for the number of valid submissions in 2017, with the US and Trinidad and Tobago in second and third place, respectively.

As Facebook pushes ahead with plans to shift users’ newsfeeds back towards family and friends, the company said it would also be revamping its bug bounty acknowledgements page in an effort to improve the quality of submissions.

“For those who aren’t aware, we have traditionally ordered this page by the total dollar amount each researcher earned in a given year,” said Whitton. “Going forward, we are going to take a number of things into consideration: dollar amount, submission validity, and more.

“We’re doing this to continue to encourage high-quality submissions, and we will be offering new perks to our top participants such as swag and prizes, access to exclusive events and new features.”