Facebook pays security bug bounty hunters $40,000 in three weeks

Facebook has revealed its security bug bounty initiative has paid out more than $40,000 in just three weeks – but has not revealed how many security vulnerabilities have been reported or how many have been fixed.

Facebook has joined a growing list of large software firms and internet service providers that reward researchers for finding security vulnerabilities.

The basic rate is $500 for each vulnerability, but Facebook has indicated it is willing to pay more if the discovered flaw is a major one.

One bug hunter, for example, has received more than $7,000 for six different issues, while another was paid $5,000 for a single report, according to ZDNet.

Despite the success of the bug bounty initiative, Facebook has no plans to extend it to include Facebook apps and websites with Facebook plug-ins, because that could involve hundreds of thousands of third parties.

Facebook says it will instead rely on its dedicated Platform Operations team, which monitors partners and audits their security and privacy practices. Facebook also uses a variety of system tools to detect and disable malicious applications automatically.

In August, Microsoft put up more than $250,000 in prizes for developing computer protection technologies.

The BlueHat Prize competition is aimed at stimulating research in defensive computer security technology. Microsoft hopes the competition will provide enhanced security for the Windows operating system (OS), as well as for the applications that run on Windows OS.
