Short Bytes: The Indian security researchers have topped the list of hackers getting the highest awards and participation in Facebook Bug Bounty program. This program allows the researchers to locate loopholes in Facebook’s products and report them via a suitable channel. This year, Facebook received 13,233 bug submissions — out of these, 210 reports were found valid.
When it comes to hunting bugs in the world’s largest social network, Indian security experts are at the top. The country has topped the list of 127 countries that participated in Facebook’s Bug Bounty programme and reported vulnerabilities in its website, Instagram, Oculus, Free Basics, and Onavo.
According to Facebook’s data, in 2015, the company processed 13,233 bug report submission from 5,543 security researchers. As a result, Facebook paid bug bounties worth $936,000 to 210 hackers whose submissions were found valid. If we talk about the average payout, it was around $1,780, with India, Egypt, and Trinidad and Tobago topping the list.
In a blog post, Facebook writes that the quality of reports it is receiving from bounty hunters is getting better over time. The best bug reports are spotted by researchers who focus on few important issues instead of going for tons of submission about various low-impact bugs. The researchers are also sending over the reports with clearer step-by-step instructions to reproduce the issue.
Facebook says that it pays the bounty on the basis of a bug’s risk, rather than its cleverness or complexity. Bugs that impact the end users are tagged most important as they violate the intended use of the product.
“Facebook receives more and more high-impact hugs from India each year, reflecting the growing sophistication and technical capabilities of the country’s engineering schools and cyber security programmes,” Adam Ruddermann, Facebook Bug Bounty programme’s technical manager said.
Notably, earlier this month, Banglore-based Indian security researcher Anand Prakash made headlines when he was awarded $15,000 by Facebook for finding the bug that could have allowed him to hack anybody’s Facebook account.