India Tops Facebook Inc (FB) Bugs Bounty List for Participation and Rewards

Taj Mahal India
Source: tajmahal.org.uk

Numbers show that India ranks high on the list of 127 countries that have taken part in the Facebook Inc (NASDAQ:FB) Bug Bounty program. It also boasts of the highest researchers and the number of most paid bounties, totaling Rs 48.4 million so far.

The program which began in 2011 invites “friendly” hackers to research about security vulnerabilities on Facebook and other Facebook related web sites and submit them, and they get rewards for them depending on the importance of the findings.

Other technological companies have also used the bug’s bounty program e.g. Amazon and Google, which they claim helps them in identifying frailties in the system. The US Defense Department recently started a bug’s bounty program which would enable it to see any failures in its security system. At the time, it was reported that the program had no rewards for those who found a bug, but plans were in the pipeline to start giving rewards.

The list from Facebook showed that the company received 13,223 submissions from 5,543 researchers in 127 countries. The average payout was $1,780, and the total number of bounties paid was $936,000 for at least 270 researchers. India, Egypt and Trinidad and Tobago had the highest number of payouts, and a total number of 526 official reports were submitted.

Facebook says that the amount that is given out is based on the risk that the bug shows and not on the complexity or cleverness of the bug. “This means you can maximize the value of your report by focusing on high-impact areas and submitting a high-quality report,” the technical manager for the Bug Bounty project at Facebook, Adam Rudderman, said in a statement.

Rudderman explains that the bugs that affect the users were considered more significant compared to other factors. Factors like the difficulty of exploitation of the vulnerability, technical skills required for an attack, and if the flaw violates the intended use of the product were also considered.

“Facebook receives more and more high-impact bugs from India each year, reflecting the growing sophistication and technical capabilities of the country’s engineering schools and cyber security programmes,” Rudderman said.

The news of India’s significant contribution to the Facebook bounty program comes in the wake of the news that 22 years old Indian security researcher Anand Prakash discovered a flaw on the Facebook beta version website last month. The flaw allowed anyone with a Facebook username to login and change privacy details without the user’s consent. The researcher was given $15,000 as his reward.