Facebook's 'bug bounty' costs company thousands

Three weeks after Facebook started paying independent security experts for each security bug they report on the social networking site, the company has already paid out more than $40,000 US.

Facebook announced its "bug bounty" on July 29, promising to pay at least $500 for each security bug that is "responsibly disclosed to us."

In a Facebook Security blog post Monday, the company said one person has received $7,000 for flagging six different issues, while another was paid $5,000 for one really good report.

Facebook acknowledged it has also dealt with "bogus reports from people who were just looking for publicity."

Still, the company praised its experience with the bug bounty program so far, saying it has been a "joy to engage in dialogue" and the program has made the social networking site more secure.

Facebook said it launched the program because it wanted to show its appreciation to independent security researchers who had been reporting security bugs.