The social networking site Facebook has paid out a massive $40,000 in the first three weeks of testing for security bugs and rogue apps.
‘The bug bounty program’ set up by Facebook aims to encourage security researchers to help harden the social networking site against attack. The programme gives monetary rewards to those that find security bugs; the minimum amount paid for the detection of a bug is $500, and it goes up to $5,000 depending on the severity of the bug.
In 2010 Facebook set up a system which promised not to take legal action against those that find bugs.
One security researcher has already been awarded the maximum amount for discovering bugs, and received $7,000 for finding six.
Many cyber criminals have infiltrated Facebook and have been using it as a way of gaining personal information, promoting spam, or selling counterfeit goods.
Many other international companies, including Google and Mozilla, run schemes similar to Facebook’s ‘bug bounty program’, and they have proved useful in finding bugs. However, hackers may find that they are paid more in the underground market for the information than the organisation is willing to pay, and if that did happen, where would that leave Facebook’s security?