It’s been five years since the launch of the bug bounty program at Facebook and the company has revealed some statistics of the program since its inception. The social media network said that they had paid about $5 million dollars as rewards to various white hat hackers who have helped them uncover some vulnerabilities in the company’s systems and its products.
In the report which they released in the year 2015, the company said that they had paid the bug bounty hunters a total amount of $4.3 million since it began their program back in 2011. The total bounty has increased with time from 2011 with 149 researchers being rewarded for the first six months of 2016, a total of $611,000.
The company also noted that they had received about 9,000 bug reports from the white hat hackers from the period between January and June. And as with the same period from the last year, the company paid most of the bounty to researchers and hunters who were based in India. The other two countries which were involved and made up the top three were USA and Mexico. Back in 2015, these two positions were taken up by Egypt and Trinidad and Tobago.
Facebook says that about 900 researchers managed to earn rewards since the program started back in 2011. These white hat hackers and goodwill hackers have been helping the company to improve the program. Facebook has also improved the program as now they explain to the researchers how their final bounty rewards are calculated.
Joey Tyson, one of the security engineers at the Facebook bounty program said that five years was a big milestone for the company but it was no reason for them to be resting on their laurels at all. They want to look at ways to improve the program in future and expand it. He said that for this year alone they had also included WhatsApp to the program, and various other services such as Bitcoin. They have also made the shift to automated payment systems so that they could lay the hunters easily and swiftly.
The company has also promised to continue improving the program and also share resources which are linked to the bug bounty program.