When it comes to bug bounties, Facebook is improving its system to keep it on bounty hunters’ radar. In the latest development, Facebook said it would add a new set of bonus rewards when it pays out on a report if more than 30 days have passed since Facebook first received it.
the likes of Microsoft and Google in terms of overall payouts and volume of tips received: last year, Microsoft and Google respectively paid out $13.6 million and $6.7 million; Facebook meanwhile paid out just $1.98 million as of November. But on the other hand, Facebook’s younger company is
The Payout Time Bonus, as Facebook is calling it, will work on a sliding scale, where payouts made between 30-59 days will get a 5% bonus; payouts made between 60-89 days will get a 7.5% bonus, and payouts made after 90 days or more will get a 10% bonus. Facebook doesn’t specify the base amount, but in its last round of bounties, its highest payouts per bug were as much as $80,000 and $60,000, with some $40,000 paid out in its existing bonus program. But payments might be as low as $500.
The extra money will work as a kind of incentive to bounty hunters who make a living from these tips so that when paying out for legitimate tips, the bug hunters know they’ll get a more lucrative reward for their work in the end — rather than get turned off from working on Facebook-property bugs altogether. Bug hunting has become a big business for , making upwards of $1 million annually from the programs. But bounty hunting is a double-edged sword: it focuses , but in doing so, they spend more time there than looking for vulnerabilities in some places than others. That leads the most powerful platforms to ensure that they are making their bug-ridden environments more or as “attractive” as others to get people to contribute to their work.
that it determines bounty amounts based on various factors, including (but not limited to) impact, ease of exploitation, and quality of the report. “If we pay a bounty, the minimum reward is $500,” they told me. “We reward researchers based on the maximum possible impact of their report that we find during our internal investigation of each bug, rather than based on the impact . “Sometimes our impact investigations can bounties for researchers, but they can sometimes take longer. The Payout Time Bonus is also meant to reward our researchers for their patience during this process. “Our ongoing payout guideline series shares more details to help external researchers better understand our payout decisions. We have published three guidelines and will publish more in the future.”