Facebook has spent more than $40,000 in payouts during the first three weeks of program that rewards users who discover security loopholes on the social networking Web site.
The Bug Bounty Program aims to encourage security researchers to report glitches to the site and offers a base reward of $500 to those who are the first to report a particular bug, according to a blog post from Joe Sullivan, Facebook's chief security officer.
"The program has also been great because it has made our site more secure - by surfacing issues large and small, introducing us to novel attack vectors, and helping us improve lots of corners in our code," Sullivan wrote.
To qualify for the bounty, security researchers must report glitches that are native to Facebook - not third-party applications such as FarmVille - and must be responsible with their findings. That is, they must give Facebook a reasonable amount of time to disclose the bug to its users before reporting it publicly.
The program runs alongside Facebook's internal efforts to monitor the code it creates that keeps the Web site up and running.
Security experts have the potential to earn considerable payouts based on the issues they discover. Sullivan wrote that Facebook paid $5,000 for one particularly helpful report and also said another person has received more than $7,000 for six different issues he flagged.
Sullivan noted that the Bug Bounty Program gives Facebook another way to connect with its members since many tech-savvy internet users often spot security flaws but don't know how to inform companies about them.
"A bug bounty program is a great way to engage with the security research community, and an even better way to improve security across a complex technological environment," the blog stated.
While Facebook's payouts may seem extremely generous to some, they pale in comparison to what other companies offer for similar services. PC Magazine reports that Google and Mozilla often pay bounties of $3,000 or more to users who report loopholes. On a similar note, in 2007 the Business Software Alliance announced that tipsters who report their company's illegal use of unlicensed software could earn payouts of up to $1 million.