Facebook’s Bug Bounty program has been around since 2011, encouraging security researchers around the world to find flaws in its platform and get a reward in return. The social networking giant has now revealed that India has raked in over Rs 4.84 crore in awards since its inception, propelling it to the top of the list of most bounties granted.
The country even ranks on top for the maximum number of researchers with 205 Indians currently participating in the Bug Bounty program. Anand Prakash, a security engineer working for Flipkart, is a frequent contributor to the enterprise and earlier this month was awarded a whopping $15000 (approx Rs 10 lakh) for finding a major security vulnerability.
Not every discovery gets such a huge payout. Facebook decides the bounty amount based on the degree of the threat and how many users it could have affected instead of how clever or ingenious it is. Accordingly, the bug Prakash uncovered was fairly straightforward to execute but could have allowed hackers to get the login details of millions of Facebook users.
In a blog post, Adam Ruddermann, a technical program manager for Bug Bounty, says that interested researchers should focus on high-impact areas and submit clear reports to ensure a higher payout. The highest-earning participants usually concentrate on inconsistencies in business logic rather than traditional security issues.
Ruddermann also mentions that in-depth reports which contain a step-by-step reproduction of the problem help the Bug Bounty team to process the document quickly and distinguishes it from the hundreds of entries it gets every day. For instance, it had received over 13233 submissions in 2015 alone, but only recognized 526 of them as valid.