Facebook has shelled out nearly $40,000 in the first three weeks of a programme that rewards white hat experts for detecting security holes in the social networking website. The “bug bounty” programme is aimed at encouraging security experts to help ramp up Facebook's security against cyber attacks. Facebook paid more than $7,000 for the detection of as many as six serious bugs in the site. The social networking company runs the programme alongside its other measures to ward off threats to the site.
Facebook chief security officer Joe Sullivan disclosed some details of the ongoing bug bounty programme in a blog post. He said in the post that the programme had made Facebook more secure by introducing the networking site to "novel attack vectors, and helping us improve lots of corners in our code". Sullivan revealed that the minimum sum paid for detecting a bug is $500, which can rise to $5,000 depending upon the seriousness of the loophole detected. Facebook has already shelled out the maximum bounty once.
Sullivan adds that Facebook's initiative has received a positive response worldwide. “We received really positive feedback when we launched our responsible disclosure policy last year, in which we told researchers we would not take adverse actions against them when they followed the policy in reporting bugs,” says Sullivan.
Facebook's bug bounty programme comes against a backdrop of escalating threats to the social networking site from cyber criminals and vandals. According to reports, Facebook has been a prime target of cyber criminals, who are looking for different ways to extract confidential and useful information from Facebook users and to promote spamming on the site.