Facebook shells out £24,000 to white hat hackers
Cash rewards offered for security flaws in web application
By Robert McMillan | Published: 11:47, 30 August 2011
Three weeks after launching a bug bounty programme that pays hackers cash for finding flaws with its website, Facebook said it has paid out more than $40,000 (£24,500) in rewards.
Facebook called the programme a success, saying it has mobilised security researchers around the world to help make Facebook.com more secure.
"We know and have relationships with a large number of security experts, but this programme has kicked off dialogue with a whole new and ever expanding set of people across the globe in over 16 countries from Turkey to Poland who are passionate about Internet security," the company said.
Related Articles on Techworld
In recent years, technology companies have started paying hackers to encourage them to quietly report any bugs they find rather than simply dumping them out in public where they could be misused by criminals. Google and Mozilla, for example, operate similar bug bounty programmes.
Facebook pays $500 (£300) per bug but will shell out more money for exceptional issues.
For example, one hacker was paid $5,000 for "one really good report," Facebook said. The company said that it has also paid out $7,000 to a researcher who flagged six different issues.
"On the other end of the spectrum, we've had to deal with bogus reports from people who were just looking for publicity," Facebook said.
Although Facebook spoke in glowing terms about its initiative, it will not extend it to cover the hundreds of thousands of Facebook applications written by third parties. "Unfortunately, that's just not practical," the company said.
