India has topped the list of 127 countries that have participated in Facebook’s Bug Bounty programme. It has the highest number of participating security researchers at 205 and is also the country with the most paid bounties, which have amounted to Rs 48.4 million so far.
In 2015, the company received 13,233 submissions from 5,543 researches in 127 countries. In turn, it paid bounties worth $936,000 to 210 researchers, who had submitted 526 valid reports. The average payout was $1,780, with India, Egypt and Trinidad and Tobago getting the highest number of payouts.
Facebook said that it pays participants on the basis of a bug’s risk, rather than complexity or cleverness. “This means you can maximise the value of your report by focusing on high-impact areas and submitting good quality report,” Adam Rudderman, technical manager at Facebook’s Bug Bounty programme said in a statement.
For instance, bugs that impact end users are the most important, along with factors such as the difficulty of exploiting the vulnerability, the technical skills required for an attack, and if the bug violates the intended use of the product.
“Facebook receives more and more high-impact hugs from India each year, reflecting the growing sophistication and technical capabilities of the country’s engineering schools and cyber security programmes,” Ruddermann said.
Earlier this month, 22-year-old Indian security researcher Anand Prakash had hit the headlines when Facebook awarded him $15,000 for spotting a bug that let him hack any user’s account.