On Friday, Facebook announced that India tops the list among 127 countries that have participated in Facebook’s Bug Bounty program.
“India is home to the largest population of security researchers (205) participating in the Facebook bug bounty program since its inception in 2011. The country also holds the top spot for most bounties paid — $7.2 million (INR 48.4 million),” Adam Ruddermann, a technical program manager on the Facebook Bug Bounty team, wrote.
In 2015, the company received 13,233 submissions from 5,543 researches in 127 countries. In turn, it paid bounties worth $936,000 to 210 researchers, who had submitted 526 valid reports. The average payout was $1,780, with India, Egypt and Trinidad and Tobago getting the highest number of payouts.
Facebook said that it pays participants on the basis of a bug’s risk, rather than complexity or cleverness. “This means you can maximize the value of your report by focusing on high-impact areas and submitting good quality report,” Adam Rudderman.
For instance, bugs that impact end users are the most important, along with factors such as the difficulty of exploiting the vulnerability, the technical skills required for an attack, and if the bug violates the intended use of the product.
“Facebook receives more and more high-impact bugs from India each year, reflecting the growing sophistication and technical capabilities of the country’s engineering schools and cyber security programmes,” Ruddermann said.
Few weeks ago, a 22-year-old Bengalaru based Indian white hat hacker – Anand Prakash found a security flaw in Facebook’s password reset system for which Facebook awarded him $15,000.