Facebook Says it Has Paid Out $40,000 to Bugfinders

Facebook, like other big-name computer application companies, has started a program where it pays people to find bugs or errors in its application. The idea is that if such bugs, errors, or security holes can be found by such people, Facebook can fix them before they cause problems for the Facebook user community.

Now, according to Robert McMillan in ComputerWorld, it appears its strategy is paying off, literally. In just the first three weeks since the inception of the program, Facebook has already paid out $40,000 (at $500 a pop) to various unnamed people, or hackers, as the Internet community is calling them. The hackers are sort of like hired guns in the Old West: people who may or may not always follow the rules but, in this case, are hired for their unique talents.

Hiring hackers is nothing new; the federal government has been doing it for years. Most who do so see it as a necessity. Due to the complexity of code, and the innumerable ways it’s used, it can be virtually impossible to test every possible scenario. Setting up a program to pay people to find problems is far cheaper than hiring thousands or even hundreds of thousands of people to do nothing but try to cause a program to crash, which doesn’t make much sense economically. Paying by the find is much more efficient in that the company or government agency doesn’t have to pay people for the many hours they put into finding such bugs or security problems, just for the final result. When you look at it that way, it’s not really that great of a deal for the hackers. Imagine fooling around with Facebook, trying to sneak in backdoors or running it in weird ways for many hours every day for perhaps months. Then, if you do happen to stumble on a vulnerability, you get $500 for all your effort. Nice for Facebook; not so nice for the hackers, thus the ones that are the best at what they do will likely stick with more financially rewarding options.

A side note to the announcement is the disturbing idea that Facebook has so many bugs or security holes in it. At $500 a pop, that’s 80 times the company has paid for a problem it deemed worthy of payment. Seems like a lot. It also makes you wonder what percentage of those were bugs versus security holes and whether Facebook is really fixing them all.

