A new bug bounty program launched by Facebook has paid out more than $40,000 in its first 21 days, with one security researcher earning over $7,000 for finding six severe bugs in the social networking behemoth's code. Facebook has long been a target of cyber criminals, who frequently use the site to sell fake goods, send spam, and even mine personal information, helped by the site's lacklustre and confusing privacy settings.
While Facebook already has an in-house team dedicated to finding and resolving bugs, this new program takes it a step further by paying outsiders to submit vulnerabilities. In a blog post yesterday, Facebook Chief Security Officer Joe Sullivan took the opportunity to comment on the bug bounty program, saying it proved highly useful.
"We realize, though, that there are many talented and well-intentioned security experts around the world who don’t work for Facebook. Over the years, we have received excellent support from independent researchers who have let us know about bugs they have found. A couple of years ago, we decided to formalize a “whitehat” program to encourage these researchers to look for bugs and report them to us...We established this bug bounty program in an effort to recognize and reward these individuals for their good work and encourage others to join," said Sullivan.
This program is a step forward, aiming to increase security and reduce vulnerabilities in Facebook's own code. Unfortunately, the site's anti-bug initiative doesn't cover the unsafe third-party applications that have long plagued Facebook users, most of whom are unaware of the potential implications of using them.