Facebook has announced a payment of $936K to security researchers in 2015, for submission of valid reports on important issues relating to Facebook's security.
It is said that an amount of $936,000 was paid by Facebook to security researchers as rewards for submission of valid reports on Facebook's security aspect, Venture Beat reported. The amount, according to the same report, was paid for 526 valid reports submitted by researchers as part of the bug bounty program, which was launched in August 2011. Till now, there are more than 800 researchers who received rewards worth $4.3 million for 2,400 submissions on issues relating to Facebook's security.
It is said that the amount paid in 2015 is less than the amount paid in 2014, Mash New reported. Figures show an amount of $1.3 million being paid to 321 researchers in 2014, while $1.5 million was paid to 330 researchers in 2013. Although the number of submission grew in 2014 as compared to 2013, there was a downfall in submissions of reports in 2015.
Facebook received submissions in 2015 from 5,543 researchers in 127 different countries, and going by statistics, the figure for an average payout in 2015 was slightly less. Amount paid by Facebook in 2015 was $1,780 as compared to $1,788 for the year 2014. Facebook's reason for this was becasue the quality of the reports were getting better, with more reports on business logic being submitted.
Facebook said that there were two reasons for the numbers being less down across the board and only one number being more. Figures supporting the fact that was revealed by Facebook in the news stood at 102 bug bounty submissions being classified as high impact in 2015, reflecting an increase of 38 percent compared to 2014.
The reasons cited by Facebook is the security receiving step-by-step instructions to reproduce the issue, seeing the attack scenarios in their reports, and getting reports that clearly prioritize a few important issues rather than many low-impact bugs.