Facebook’s 2017 Bug Bounty program paid out $880,000 to more than 100 researchers and will update its Thanks page in 2018 to reflect dollar amount and submission validity, among other items, as well “invest more resources into getting more timely responses and payments to researchers,” according to an update from Jack Whitton, a security engineer on Facebook’s product security team.
The 2017 number brings the total payout for the six-year program to $6.3 million.
Facebook received upwards of 12,000 submissions last year with most of the more than 400 valid submissions coming from researchers in India, the U.S. and Trinidad & Tobago.
The average award per submission bumped up to $1,900, from $1,675 in 2016. And the cadre of researchers submitting grew – 32 percent participated for the first time.