10th Anniversary of Facebook’s Bug Bounty Program


    Facebook’s bug bounty program which debuted in July 2011 is approaching its 10th anniversary, and the social network said around 50,000 researchers have joined the program to date, with 1,500 of them, from 107 countries, being awarded bounties. Security engineering manager Dan Gurfinkel said that when the program began in 2011, its emphasis was on the Facebook web page, and now it covers all of the company’s mobile and web clients across its family of applications, including Oculus and Workplace From Facebook.

    The 3 key areas of focus are as follows:

    1. Generating chances for networking and collaboration at live hacking events and Facebook’s BountyCon conference.
    2. Formation of tools for the research community to make it simpler and extra rewarding to search for bugs on Facebook.
    3. Innovating ways to organize and incentivize security research into arising risk areas, such as misuse of Facebook data by app developers or security bugs in websites and third-party apps.

    Gurfinkel wrote, “When we receive a valid report that requires a fix, we look not only at the report as it was submitted, but at the underlying area of code to understand the issue in greater depth. Sometimes this proactive investigation leads us to discover related improvements we can make to better protect people’s security and privacy.”

    Some highlights of the report are as follows:

    • In 2020, Facebook has received some 17,000 reports so far, and it handed out bounties on over 1,000 of them.
    • Since the program started in 2011, Facebook has received more than 130,000 reports, of which over 6,900 were rewarded bounties.
    • The leading three countries based on bounties awarded this year are India, Tunisia, and the U.S.
    • So far in 2020, they’ve awarded over $1.98 million to researchers from over 50 countries.
    • For three consecutive years, the company has been rewarding the highest bug bounty payout to date.

    Recent Articles

    Weekly Newsletter (25th Apr’ 21 to 1st May’ 21)

      Here’s the Weekly Newsletter from 25th April’ 2021 to 1st May’ 2021: 1. Moolympics #3: Diversity, Equity, and Inclusion through UX - Moolya Software Testing Private...

    OpKey University launched to provide advanced automation testing training

      Opkey announced on 26th April 2021 that the company has launched its own "Opkey University". According to OpKey University, software testing is a critical...

    Cypress 7.2.0 released with New Features and Bugfixes recently released Cypress 7.2.0 version, the new version comes with various bug fixes and new features. Users can now navigate through folders in...

    Moolympics #3: Diversity, Equity, and Inclusion through UX

      Moolya Software Testing Private Limited recently launched Moolympics which is a monthly competition series that covers different skills, values, cultures you bring to the...

    Weekly Newsletter (18th Apr’ 21 to 24th Apr’ 21)

      Here’s the Weekly Newsletter from 4th April’ 2021 to 10th April’ 2021: 1. OpKey launches Industry’s First Marketplace for ERP Test Automation - Opkey recently launched...

    Related Stories

    Stay on op - Ge the daily news in your inbox