Facebook Grows Bug-Bounty Payouts in 2014
Facebook paid $1.3 million in awards to security researchers in 2014, and 2015 is likely to be a strong year for the company's bug-bounty program.Facebook's security got a significant boost in 2014, thanks to the efforts of researchers who reported flaws to the social networking giant. Facebook reported the highlights of its bug-bounty program in a note posted on Feb. 25, revealing that $1.3 million awards were paid out to 321 researchers around the world in 2014. A Facebook spokesperson told eWEEK that the single largest payout in 2014 was $30,000, and the top earner collectively earned $86,000 in 2014. While the top single award was $30,000, the average award that Facebook paid was $1,788. Facebook's bug-bounty program awards researchers for responsibly disclosing security vulnerabilities. Facebook first began its bug bounty program in 2011 and has paid out more than $3 million in awards since then. Last year, Facebook saw an increasing number of bug reports flow into its bug-bounty program. There were 17,011 bugs filed with the program in 2014, a 16 percent year-over-year gain from 2013. Not all the bugs that Facebook receives have the same effect, and the fact that Facebook got 17,011 submissions from security researchers doesn't mean that Facebook has that many vulnerabilities. That said, the number of highly severe bugs that are reported to Facebook is, in fact, increasing.
"Sixty-one of last year's eligible bugs were categorized as high severity, 49 percent more than the previous year," Facebook Security Engineer Colin Green wrote in the Facebook note.