Threat Management

Facebook doled out $1.5 million to researchers in 2013 for bug bounties


Facebook awarded more than $1 million in bug bounty awards last year and received close to 15,000 submissions.

Of the thousands of submissions, 687 were valid and received rewards, according to a company update on the program. Facebook saw a 246 percent increase in bug submissions in 2013 over 2012, and since the program began in 2011, the company has doled out more than $2 million. Researchers in Russia earned the most reward money — with each bug discovery earning them an average of $3,961 — while experts in India submitted the most valid bugs with 136.

The company noted in its update that it analyzes every reported vulnerability it receives. Typically a bug is fixed within six hours.

A Brazilian computer engineer received the largest bounty earlier this year for discovering a Remote Code Execution vulnerability.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.