Facebook bug bounty programme: India tops list, a total of Rs 4.84 crore paid

India continues to be the number one country with maximum researchers and payouts from Facebook's bug bounty program.

By: Tech Desk | Updated: March 19, 2016 9:02 am
Facebook, Facebook bounty program, Facebook bug bounty, How much does Facebook pay for finding bugs, Bug Bounty Facebook, Facebook Bug bounty program rewards, technology, technology news Facebook reveals that India remains on top in its bug bounty program with maximum researchers, and bounties paid. (Source: Reuters)

India continues to be the number one country with maximum researchers and payouts from Facebook’s bug bounty program.

In post Facebook’s Adam Ruddermann, who is the technical program manager on the Bug Bounty team, said that, “India has long topped the list of 127 countries whose researchers contribute to our bug bounty program. It also holds the top position for the country receiving the most bounties paid.”

Facebook has paid over Rs 48.4 million or Rs 4.84 crore to bug hunters in India. According to Facebook, “India hosts the largest number of security researchers who have participated in the Facebook bug bounty program since its inception in 2011.” India has also received the largest amount of bounties paid.

Facebook’s team recently visited Goa along with bug bounty teams from Google, Microsoft, Bugcrowd, and Mozilla to thank the Indian security researchers.

Facebook says it receives more and more high-impact bugs from India each year. And how exactly does a bug hunter get paid?  Facebook recommends that researchers focus on high-impact areas and submit quality reports to maximize the value of their findings.

Ruddermann’s post also explains how they calculate risk when a bug is pointed out to them. The company looks at “potential impact of the bug, what could possibly go wrong, and who would be affected.” The social media company also looks at difficulty of exploiting the vulnerability, and what kind of resources or technical skills a successful attack would require before deciding what constitutes a threat. His post also notes that “sometimes what may seem like a bug is actually a feature designed to give people a better experience on Facebook.”

The team then determines a base payout for each eligible report, and Ruddermann says the amount paid is “generally consistent across similar issues.”