updated 8/31/2011 2:19:06 PM ET 2011-08-31T18:19:06

Since launching its bug bounty program last month, Facebook has already paid outside researchers $40,000 for discovering and reporting security flaws in the social network.

Facebook launched the bug bounty program on July 29 as a way to encourage outside researchers to report security vulnerabilities that might go unnoticed or be exploited by online attackers.

As Facebook's chief security officer Joe Sullivan wrote in a blog, "There are many talented and well-intentioned security experts around the world who don't work for Facebook."

It turns out these experts are doing their part to keep the social networking giant stable, and are getting paid handsomely in return.

While the minimum payment for reporting a flaw is $500, Sullivan said one researcher netted $5,000 "for one really good report," and another person received more than $7,000 for flagging six different flaws.

Sullivan thanked the bug bounty researchers for setting up "the world's best neighborhood watch program," and added, "a bug bounty program is a great way to engage with the security research community, and an even better way to improve security across a complex technological environment."

Despite the strength of the neighborhood watch program, Facebook, due to its sheer enormity — 750 million users and growing — continues to be a favorite target of online scammers and spammers.

To its credit, the bug bounty program is one of several security enhancements Facebook has recently implemented. In early August, Facebook introduced mobile password reset to protect people accessing their profiles on smartphones, and on Aug. 19, Facebook released an official security guide, " Own Your Space," outlining what various scams look like and how to best protect yourself.

© 2012 SecurityNewsDaily. All rights reserved


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments