Facebook: 10 years of bug hunting

Little known to ordinary users, Facebook’s Bug Bounty Program is a place for white hat hackers looking for security bugs on the social network. The program will soon celebrate its tenth anniversary, which makes this a good opportunity to review the work carried out since 2011, with some impressive figures.

Many platforms reward bug hunters, and Facebook has hardly been idle on that front. In ten years, more than 50,000 people have joined the program, and 1,500 of them have received bounties for their reports.
Through the program, also known as the Whitehat Program, the social network encourages users to report possible security flaws in its ecosystem. On the web giant’s blog, Security Officer Dan Gurfinkel shared some data and highlights from recent years.

The social network explains that since 2011 it has received more than 130,000 reports, of which 6,900 have received bounties. So far, this represents approximately $1.98 million paid to bug hunters in over 50 countries. To give a sense of the work accomplished: this year, there were 17,000 reports, of which a thousand were rewarded. The amount of bounties paid has been increasing for three years. Should we deduce that bugs are becoming more numerous, or that bounty hunters are ever more active?

In the ranking of the most active and award-winning countries, we find India in the lead, followed by Tunisia and, finally, the United States in third place.

Major past and future projects

Originally, in 2011, the program focused on the Facebook web page, but mobile and the company's many applications are now part of the project, including Oculus and Workplace, says Dan Gurfinkel.

Today, the bulk of the work is focused on three areas. The first is security research in emerging areas: in other words, the misuse of Facebook data by application developers, but also security bugs in third-party apps and sites. The second is the creation of tools to help the whitehat community in its search for bugs. The third is the organization of events dedicated to hacking, to forge links and foster collaboration; this obviously includes Facebook’s BountyCon conference.
