By SecureWorld News Team
Mon | Jan 15, 2018 | 7:41 AM PST

Securing a social media platform with a billion-plus users takes more than an InfoSec team.

It takes an army of whitehat hackers who uncover cybersecurity vulnerabilities, document them, and then share that information with the company in exchange for a reward.

Facebook just revealed highlights of its bug bounty program, showing both how it played out and how it paid out in 2017.

5 facts from Facebook's bug bounty, whitehat hacking program

  • How much did Facebook pay in bug bounties in 2017? A cool $880,000
  • What was the average bug bounty paid by Facebook in 2017? $1,900, which is up significantly from $1,675 the prior year
  • How many apparent security vulnerabilities were submitted to Facebook in 2017? A little more than 12,000
  • Whitehats from which countries submitted the most flaws to Facebook's bug bounty program? In order:
    • India
    • United States
    • Trinidad-Tobago (maybe they were inspired by the tropical views?)
  • Which whitehat hackers are being publicly thanked by Facebook's bug bounty program for 2017? You can see the list here; maybe you recognize some of them by their screen name or Twitter handle.

And Facebook says in 2018 it's going to offer faster payment and recognition for valid cybersecurity vulnerability reports, along with the chance to get free swag and invites to special events. If you want to get on board that gravy train, here is how you can submit a report: https://www.facebook.com/whitehat/resources

With more companies adding bug bounty programs themselves or through vendors, it looks like 2018 will be another profitable year to be a security researcher.
