Facebook Pays $40G to Hackers in New 'Bug Bounty' Scheme



Since launching its "bug bounty" program three weeks ago, Facebook has forked out $40,000 to hackers who detected security flaws on the social networking site.

About fifty people who have successfully identified problems have been acknowledged on Facebook's "whitehat" site (the name is geek-speak for a hacker who is a good guy), and to date Facebook has paid one individual $7,000 for flagging six issues and $5,000 for a particularly bad flaw, the Financial Times reported Wednesday.

"We realize … that there are many talented and well-intentioned security experts around the world who don't work for Facebook," Facebook's chief security officer, Joe Sullivan, wrote on the company's blog Monday.

"We established this bug bounty program in an effort to recognize and reward these individuals for their good work and encourage others to join," he added.

Facebook said that while it had received time-wasting alerts from people "looking for publicity," the program was a success.

The social networking site promises hackers protection from legal action if they have to break the law to spot a security issue on Facebook.

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you," Facebook said.

Facebook is not the first tech company to offer such rewards, with Google and Mozilla running similar schemes to pay hackers who identify vulnerabilities in their systems.