30 Aug 2011

Facebook bug bounty program making big payouts

Less than a month after launching its "bug bounty" program that offers cash rewards to independent computer security researchers who report vulnerabilities affecting the site, Facebook announced it has paid out $40,000 in reward money.

Joe Sullivan, the social networking site's chief security officer, said the payouts indicate how skilled independent researchers are at locating bugs and other potential security issues. He said the company has received good reports from people in 16 different countries. One bounty hunter has been paid $7,000, and a single excellent report won a $5,000 reward.

Sullivan also clarified that the minimum payout is $500, contrary to reports that have listed that as the maximum bounty.

In response to researchers who requested bounties for spotting vulnerabilities in Facebook apps, Sullivan explained that the large number of third-party developers creating apps makes it impossible to include them in the program. He assured Facebook users that a skilled internal security team monitors the site's apps.

Facebook is only one of many tech companies looking to harness the brainpower of independent hackers for its benefit. Apple recently hired Nicholas Allegra, a college student well known for developing a tool to hack iPhones, as an intern.