Facebook Paid $936K to Security Researchers in 2015, $4.3M in Last 5 Years
Indian security researchers made the most money

Facebook has revealed it awarded bug bounty rewards in excess of $936,000 (€833,500) in the past year, and more than $4.3 million (€3.83 million) since the program launched in 2011.

Facebook has one of the most famed and respected bug bounty programs around, and that's why many security researchers flock to work with the company, even if sometimes things don't go as planned.

Facebook rewarded 526 out of 13,233 bug reports in 2015

According to statistics released by the company, during the past year, 5,543 researchers from 127 countries submitted 13,233 bug reports, which Facebook's security staff diligently reviewed and tested.

A total of 526 reports were considered worthy of a bug reward, which pocketed 210 researchers well over $936,000 (€833,500) in bug prizes. 102 of these bugs were labeled as high impact vulnerabilities, a number that is 38% higher than last year's figure.

As Facebook's Reginaldo Silva reveals, most bug bounty rewards went to researchers from India, Egypt and Trinidad and Tobago, and the company awarded prizes at an average of $1,780 (€1,584) per vulnerability.

Some researchers found severe site-wide vulnerabilities

This past year's highlights include three vulnerabilities which many hackers would have wanted to discover before the security researchers.

First there was a bug which allowed attackers to bypass Facebook's site-wide CSRF protection system. This bug was discovered by Pouya Darabi, who received $15,000 (€13,350) for his effort.

Then there was another CSRF issue in Facebook's Messenger.com service, first reported by Jack Whitton, who also discovered a wormable XSS vulnerability later on. The CSRF vulnerability was also reported by more than 15 security researchers, within minutes after the Messenger.com service launched.

And there was also the issue related to GraphQL, discovered by Philippe Harewood, who found out that he could abuse the GraphQL function to make assumptions about data he should not have been able to access in the first place. This discovery pocketed Mr. Harewood $5,000 (€4,450).

SOURCE