Facebook has published a new annual review of its Bug Bounty program. Launched in August 2011, the program pays security researchers (or hackers) for discovering and submitting security bugs.
In 2014, $1.3 million was paid out to 321 security researchers. This is less than the $1.5 million paid in 2013 (to 330 researchers). However, the number of submissions increased by 16% to 17,011. Of the bugs eligible for the program, 61% represented a high security risk, 49% more than last year.
While the average reward was $1,788, a core group of five hackers alone received $256,750. Once again, Indian hackers contributed the most, with 196 valid bugs. Egypt and the United States round out the top three with 81 and 61 bugs, respectively.
As it often does, Facebook continued to expand the reach of its Bug Bounty program, this time by including Oculus.
The program is off to a flying start in early 2015, with more than 100 valid bug reports already. Among them is one from web developer Laxman Muthiyah, who received $12,500 for discovering a bug that made it possible to delete "all" the photos on the social network.
Facebook fixed the bug two hours after validating the report. The flaw was not exploited, and Facebook later clarified that exploiting it required knowing the identifier of the targeted photo album as well as having permission to view it (in the privacy settings).