Facebook’s Bug Bounty Program Pays Out $40,000 Since Launch [The Facebook Bug Bounty Program Isn't A Month Old, But Has Already Paid Out Handsomely To Several Hackers]

Posted on TFTS by Steve Anderson on Monday, 29. August 2011 under: Internet Highlights

Remember when, just a few weeks back, we brought you the story of the Facebook bug bounty, in which, if you could discover a way to hack Facebook, and were willing to put up with a few terms and conditions (like not blabbing to the media about the huge embarrassing hole in Facebook’s security you found), you would get paid actual foldin’ money? Well, apparently, plenty of folks took Facebook at their word and went hunting. And they’ve been paid, too, and pretty well at last report.

The current figures stand at about $40,000 paid out to hackers over the course of the last three weeks alone, with amounts per payout starting at $500 per bug and going up from there depending on several factors, including severity and the like. Indeed, it’s not just a stack of $500 checks going out, either–fully $12,000 of that $40,000 went to just two researchers, including one hacker who pulled down $5,000 on what was described as “one really good report”, and a second participant who snagged fully $7,000 for spotting six different issues in one report.

Naturally, there have been problems with this, as Facebook staffers report having to weed out several false reports from individuals who are just “looking for publicity”, and Facebook will not be extending the offer to the legion of third-party applications that exist out there as it simply wouldn’t be practical to do so. Still though, that number represents a whole lot of found bugs that could have posed a variety of problems, especially if the earlier-reported Operation Facebook, set by some elements of Anonymous for November 5th and denied by others, came into play.

Personally, I think this is a great idea; getting the hacking community involved in protecting websites and paying them (and pretty well, too) to do so is a move that’s in the best interests of sites, users, and hackers alike. But what do you guys think? Is this a way to improve security and make the internet in general a better place? Or do you call this hush money paid to criminals in a bid to keep them quiet? No matter how you regard the issue, and there are plenty of possibilities, we want to hear from you. So hit the comments section below and tell us what you think!