In the last two years, Facebook has paid $1 million to 329 hackers for finding the holes Facebook’s own team just can’t see.
The Bug Bounty program launched two years ago in an effort to employ the talent being used in the smart but underground hacker communities. These folks were likely already doing a little poking and prodding in big companies’ systems, so tech giants such as Google, Facebook, and Microsoft all decided to embrace them.
Facebook’s bug-finding community is made up of security industry professionals, students, and youngsters. Facebook says it has had a 13-year-old report a bounty-worthy bug. Bounties, or the money paid out to a bug-finder, are based on how critical the bug is. In the last two years, the largest bounty paid out was $20,000. But once you hit gold, you don’t have to stop. Some researchers have gotten up to $100,000 from the company.
That’s a lot of holes Facebook is happy to fill.
This kind of program is indicative of the growing respect for the hacking community’s skills. This week’s big security conferences, Black Hat and Def Con, have attracted a large number of recruiters. One woman even held up a sign in the hallways and in panel talks advertising her company’s open positions.
And Facebook is hiring as well. The company says it has already plucked two people from the Bug Bounty program to join the company full time.