Thursday, 26 February 2015

India Tops Facebook's Bug Bounty Program Again With Most Recipients

facebook_mac_book_air_2_reuters_with_credit.jpg
Facebook on Thursday revealed its 'Annual Bug Bounty' report of 2014, and once again showed India as its largest contributor in reporting valid bugs, followed by Egypt, the US, the UK and the Philippines.
According to the report, the top five earners in 2014 were rewarded $256,750 (roughly Rs. 1.5 crores). India topped the list with the maximum number of bounty recipients - 196 bugs were reported by India, with an average reward of $1,343 (roughly Rs. 83,100). While Egypt and US earned average rewards of $1,220 and $2,470 respectively, reporting 81 and 61 bugs, the UK earned an average reward of $2,768 over 28 reported bugs. Philippines reported a total of 27 bugs and earned $29,500.
It is worth noting that India in Facebook's 2013 Annual Bug Bounty report contributed the largest number of valid bugs at 136, with an average reward of $1,353 (roughly Rs. 80,000). India was then followed by the US, Brazil and the UK.
Also, the report added that as compared to 2013's 14,763 total bugs, 2014 saw 16 percent increase in bug submissions resulting in a total of 17,011 bugs. Out of the total bug submissions, 61 bugs were categorized under the 'high severity', which is 49 percent more than previous year. The social media giant paid $1.3 million to its 321 researchers worldwide.
Facebook said 61 of 2014's eligible bugs were categorized as high severity, 49 percent more than in 2013. It added the company has paid out more than $3 million since it started the Bug Bounty program in 2011, and in 2014 it paid $1.3 million to 321 researchers across the globe. The average reward in 2014 was $1,788, and 65 countries received rewards - representing a 12 percent increase. The Facebook Bug Bounty program now has 123 countries reporting bugs.
Facebook too mentioned some of its "favourite issues" that helped it "learn and get better". These included the hidden input parameters, Amazon S3 Bucket, and Legacy REST API Calls bugs.
"We're excited to see what 2015 holds for the bug bounty program. Report volume is at its highest levels, and researchers are finding better bugs than ever before. We've already received more than 100 valid reports since the start of the new year," said the report. Details can be found on Facebook's Bug Bounty Page.