- Facebook distributed a total of $611,471 to 149 researchers in H1 2016
- Indians received the biggest share of the bounty in the period
- Facebook received 9,000 security reports in first six months of 2016
Indians remain the biggest beneficiaries in Facebook’s Bug Bounty program, the company’s initiative to allow security researchers to find flaws on its platform. Joey Tyson, a security engineer at the company, wrote in a post that Indians lead the world when it comes to raking in the moolah, taking the biggest chunk of the $611,741 (roughly Rs 4.08 crores) distributed to 149 researchers via the program between January and June 2016.
(Also see: Bug Bounty Hunters and the Companies That Pay Them)
The USA and Mexico took the next two spots in the list of countries whose developers get the most money for finding bugs on Facebook. The company has distributed over $5 million among more than 900 researchers under the program in the five years since its inception.
India has been a dominant force in the Facebook bug bounty program over the past few years. Cyber-security researchers and developers from India had been awarded roughly Rs 4.8 crores since the program was started, according to data the company released in March this year. Facebook did not reveal the breakup of the bounty distribution for the first half of 2016.
Facebook’s Bug Bounty program lets white hat hackers report vulnerabilities in Facebook and its acquired companies and products, such as Instagram, Free Basics, Oculus, and Onavo. With the help of the Bug Bounty program, security researchers were able to report over 9,000 bugs on Facebook platforms in the first half of the year.
(Also see: Facebook Fixes Flaw That Could’ve Let Anyone Access Your Account)
This year, Facebook added WhatsApp to the program, expanded payment options to include Bitcoin, and switched to an automated payment process so researchers can be paid faster, Tyson said in the post. Additionally, the award notifications now include information on how the specific bounty was determined.
More changes are coming to the initiative, as Facebook plans to share more educational resources on security fundamentals and topics specific to our products.