Social networking giant Facebook has paid over USD 3 million since 2011 to security researchers who report bugs on its website, with India topping the tally with the largest number of valid threats reported.
India, which has over 112 million Facebook users, cornered an average reward of USD 1,343 (about Rs 84,000) in the US-based firm's Bug Bounty programme. "India contributed the largest number of valid bugs again this year at 196, with an average reward of USD 1,343," Facebook said in a post.
Egypt and the US followed at the second and third spots by volume, with 81 bugs and 61 bugs, respectively, and an average reward size of USD 1,220 and USD 2,470, it added. The UK, which took the fourth spot in reporting bugs, earned the highest amount per report in 2014, receiving an average of USD 2,768 for 28 bugs.
The Philippines was at fifth, earning a total of USD 29,500 for 27 bugs, it said. A bug is an error or defect in software or hardware that causes a programme to malfunction. It often occurs due to conflicts in software when applications try to run in tandem. While bugs can cause software to crash or produce unexpected results, certain defects can be used to gain unauthorised access to systems.
"We've paid out more than USD 3 million since we got started in 2011, and in 2014 we paid USD 1.3 million to 321 researchers across the globe. The average reward in 2014 was USD 1,788," Facebook Security Engineer Collin Greene said in the post. Sixty-five countries received rewards this year, representing a 12 per cent increase from 2013 and the social networking platform, which has a user base of over 1.39 billion, now has 123 countries reporting bugs, he added.
"Submissions increased by 16 per cent to 17,011. We are happy to see that the programme is continuing to produce high quality reports. 61 of last year's eligible bugs were categorised as high severity, 49 per cent more than the previous year," Greene said.
The top five earners last year collectively netted USD 2,56,750. Facebook also paid security researcher Laxman Muthiyah a reported USD 12,500 (around Rs 7.5 lakh) for discovering a bug that allowed him to delete any user's photos or albums on the social network, without their permission.