Facebook Inc (NASDAQ:FB) noted a massive reduction in annual payouts for security issues, and this is good news according to the company. The company paid $300,000 less during 2015 than it had paid in 2014.
Facebook also reported that it received fewer bug submissions and credible reports during 2015 than in other years. Facebook introduced this program of paying for bug reports in 2011 with the primary purpose of eliminating bugs from its site. Once a programmer detects a bug, they report it to the Facebook security center and get paid.
Last year Facebook paid about $936,000 for a total of 526 valid bug reports. This amount was paid to 210 researchers. This figure is down from the $1.3m that Facebook paid to 321 researchers in 2014, and from the $1.5m it paid in 2013. Valid submissions also dropped from 17,011 in 2014 to 13,233 in 2015.
According to Facebook’s security engineer Reginaldo Silva, Facebook is getting better at catching traditional web application issues such as cross-site request forgery and cross-site scripting. This has influenced the reduction in the amount paid. Further, it has also forced programmers to look for high-impact bugs. Silva also noted that as the program matures, traditional security issues would decrease, and that a majority of the participants were focused on researching business logic.
According to Silva, the new focus on weaknesses in business logic is quite useful to Facebook, since it allows the company to eradicate entire classes of vulnerability at once. He also noted that last year high-impact submissions totaled 102 reports, which was 38% higher than in 2014. He also noted that Facebook reported 61 eligible bugs that were categorized as ‘high severity’, which marks a 49% increase from the previous year.
One figure that remained particularly constant is the average payout. In 2015, it was $1,780, while in 2014 it was $1,788. Researchers from India were the top recipients of these payouts, followed by Egypt and Trinidad and Tobago. Researchers from the UK and US, who were second and third in 2013, came in at numbers 5 and 6.