Facebook’s recent bug bounty program highlights demonstrate this

Apr 6, 2014 01:46 GMT  ·  By

Earlier this week, Facebook published a report for its bug bounty program. The company has revealed that it has rewarded hundreds of researchers since the program was launched in 2011.

In 2013, 14,763 vulnerability reports were submitted by researchers, which represents a 246% increase compared to the previous year. However, only 687 of them were considered eligible to receive rewards.

Only 6% of the reported issues were high-severity, and the median response time for addressing them was around 6 hours. The average reward handed out by Facebook to researchers last year was $2,204 (€1,600). In total, the social media company gave out $1.5 million (€1.08 million).

The company reports that the volume of high-severity issues has dropped this year, and that experts say such vulnerabilities are becoming more difficult to find.

Most of the bugs discovered in 2013 impacted websites operated by the companies acquired by Facebook, not the social media platform’s core services. The fact that Facebook wants to make sure the websites and services of the companies it has purchased are also secure shows that the company cares about security and its users’ privacy.

With all the recent spying revelations, it’s becoming more and more important for companies to show their customers that they can use their services safely and without having to worry about their privacy being violated.

After the media started publishing the details of the documents leaked by Edward Snowden, many organizations have come to realize that, in the eyes of customers, security is just as important as the quality of the services they provide.

There are a lot of interesting and useful services out there, but if they’re not secure, the image of the company that provides them can suffer a great deal.

Many major companies pay out large amounts of money as part of their bug bounty programs. On one hand, the costs are probably lower than they would be if they had to deal with a major data breach.

On the other hand, users are more likely to utilize the services of an organization that shows it’s actively involved in making sure its customers’ safety and privacy are protected.

In the case of Facebook, these bug bounty highlights combined with the CEO’s numerous statements about the importance of privacy can only be beneficial for the company.

Now that the world is aware of the capabilities of national spy agencies, it’s becoming more and more difficult for an organization to prove that it’s not collaborating with a government and that it’s not handing over its customers’ information without a good reason.

Bug bounty programs and new systems dedicated to improving privacy are the key to boosting a company’s image.

As far as bug bounty programs are concerned, monetary rewards are the best incentive to get researchers to responsibly disclose their findings. However, as we’ve seen in numerous cases, non-monetary compensation can also do the trick, especially for smaller companies.

Researchers will try to report vulnerabilities to boost their reputation, and customers will at least see that the company in question is trying to keep them safe.