On Thursday, Facebook announced that India tops the list of countries contributing to its bug bounty program.
Of the 127 countries that participate in Facebook's bug bounty program, India tops the list in both the number of participating researchers and the bounties paid since the program's inception in 2011. According to Facebook's figures, India has had 205 researchers and Rs 48.4 million in paid bounties. Facebook revealed this information following its recent visit to Nullcon, India's largest infosec conference, where it had the chance to meet some of these security researchers face to face. "To our delight, the researchers we met were forthcoming with feedback and questions," said Adam Ruddermann, Technical Program Manager on the Facebook Bug Bounty team. "What transpired was an invaluable exchange of information and experiences about how our team evaluates vulnerability reports, what makes good reports stand out, and what kind of bugs generate the highest payouts." Google, Microsoft, Bugcrowd, and Mozilla's bug bounty teams were also in attendance at Nullcon.
Last month, Facebook revealed its 2015 highlights for the bug bounty program. In 2015, the program received 13,233 total submissions from 5,543 researchers in 127 countries and paid $936K to 210 researchers, for a total of 526 valid reports. This report also noted that the average payout to researchers was $1,780 and that India, Egypt, and Trinidad and Tobago received the highest number of payouts. Last year, 102 bug bounty submissions were rated "high impact," a rise of 38 percent year-on-year, but Facebook embraces these reports, saying that the quality of the reports is improving over time and that the best reports come from researchers who prioritize a few important issues rather than submitting several smaller bugs.