India continues to be the top country for both the number of researchers and the payouts in Facebook’s bug bounty program.
In a post, Facebook’s Adam Ruddermann, the technical program manager on the Bug Bounty team, said, “India has long topped the list of 127 countries whose researchers contribute to our bug bounty program. It also holds the top position for the country receiving the most bounties paid.”
Facebook has paid over Rs 48.4 million or Rs 4.84 crore to bug hunters in India. According to Facebook, “India hosts the largest number of security researchers who have participated in the Facebook bug bounty program since its inception in 2011.” India has also received the largest amount of bounties paid.
Facebook says it receives more and more high-impact bugs from India each year. And how exactly does a bug hunter get paid? Facebook recommends that researchers focus on high-impact areas and submit quality reports to maximize the value of their findings.
Ruddermann’s post also explains how the team calculates risk when a bug is reported to it. The company looks at the “potential impact of the bug, what could possibly go wrong, and who would be affected.” The social media company also looks at the difficulty of exploiting the vulnerability, and what kind of resources or technical skills a successful attack would require, before deciding what constitutes a threat. His post also notes that “sometimes what may seem like a bug is actually a feature designed to give people a better experience on Facebook.”
The team then determines a base payout for each eligible report, and Ruddermann says the amount paid is “generally consistent across similar issues.”