Facebook has paid out over $1 million to white hat security researchers in the two years since it’s launched the program, and over 329 individuals have been awarded a bounty.
The individuals who received the bounty come from all walks of life: some are professional security researches, others are freelancers and there are a lot of students who also get involved. The youngest recipient is 13 years old, and some individual researchers have already earned over $100,000. The countries with the most number of recipients are the U.S., India, UK, Turkey, and Germany.
Collin Greene, a security engineer at Facebook, said that, “This early progress is really encouraging, in no small part because programs like these can have a significant impact on our ability to keep Facebook secure. After all, no matter how much we invest in security — and we invest a lot — we’ll never have all the world’s smartest people on our team and we’ll never be able to think of all the different ways a system as complex as ours might be vulnerable.”
Facebook may be tightening the hatches when it comes to security flaws, but there are a lot of issues that still need fixing. A security bug discovered in June allowed users to download their friends and friends of friends’ phone numbers and e-mail addresses using the DYI (download your information) tool. The flaw was said to have affected 6 million users. Facebook was notified of the issue through the bug bounty program, and has since taken measures to fix it.