Facebook reported the highlights of its bug-bounty program in a note posted on Feb. 25, revealing that $1.3 million awards were paid out to 321 researchers around the world in 2014.
A Facebook spokesperson told eWEEK that the single largest payout in 2014 was $30,000, and the top earner collectively earned $86,000 in 2014. While the top single award was $30,000, the average award that Facebook paid was $1,788. Facebook’s bug-bounty program awards researchers for responsibly disclosing security vulnerabilities. Facebook first began its bug bounty program in 2011 and has paid out more than $3 million in awards since then.
Last year, Facebook saw an increasing number of bug reports flow into its bug-bounty program. There were 17,011 bugs filed with the program in 2014, a 16 percent year-over-year gain from 2013. Not all the bugs that Facebook receives have the same effect, and the fact that Facebook got 17,011 submissions from security researchers doesn’t mean that Facebook has that many vulnerabilities. That said, the number of highly severe bugs that are reported to Facebook is, in fact, increasing.