Facebook pays over $40,000 for security bugs
Since launching its Security Bug Bounty programme at the end of July, Facebook has, over the course of three weeks, paid out more than $40,000 for reports of vulnerabilities in the social networking service. According to Facebook Chief Security Officer Joe Sullivan, the new programme has "kicked off dialogue with a whole new and ever expanding set of people across the globe in over 16 countries, from Turkey to Poland, who are passionate about Internet security".
In a Facebook post, Sullivan says that one person has already received over $7,000 for six different issues that they reported. He goes on to clarify that the programme's minimum payment award is $500 – some initial reports stated that this would be the maximum payment. Sullivan also notes that a $5,000 bounty has already been paid out "for one really good report".
"It has been a joy to engage in dialogue about issues and hear from the diverse perspectives these people bring" added Sullivan. He does not, however, say how many bugs have been reported or how many have been fixed and offers no information on the character of the flaws.