Facebook Pays Russian Hackers More - RUSSOFT

Apr 09, 2014
Facebook has paid Russian hackers $150,000 over the last year for discovering a number of vulnerabilities in the social network as part of its Bug Bounty program, mail.ru reports quoting a signed by the company’s leading engineer, Colin Greene.

By aggregate payout, Russians took first place in the payments race while discovering only 38 bugs in total. Each bug earned the programmers $4,000 on average. In comparison, Indian programmers found 136 errors, but the average payment for each amounted to only $1,300.

Russian hackers were paid more because they identified a vulnerability that Facebook regarded as a more serious security threat than those discovered by others.

"This is clear evidence of how highly-qualified Russian programmers are," said the CEO of MyApps and LifePay Vyacheslav Semenchuk.

"Russia is famous for extremely capable mathematicians, programmers and security specialists. A combination of luck, knowledge about where to look and, of course, the professionalism of Russian security experts helped them to discover these significant errors. Indeed, Russians are ahead of the rest. All major [software] releases are known to employ Russian developers, including international projects. And the chances that Russian specialists will find a mistake are higher," said Semenchuk.

The $150,000 that Facebook paid to Russian programmers is a very small amount for the world’s largest social network, said the CEO of 1C-Bitrix Sergei Ryzhikov.

"Generally speaking, roughly 10 percent of the total bonus pool was paid [to Russians]. It is a small amount. Why do companies run such programs? Why are they willing to pay such large amounts of money? The fact is, non-standard logical thinking is an important part of searching for vulnerabilities. It is important to consider options that have not been thought of before. The Russians were just more original in their thinking when discovering a particular vulnerability."

In 2011, Facebook launched its Bug Bounty program for developers who identify errors. Its purpose is to strengthen the protection of the world’s largest social network from hackers. The company offers a cash reward to independent researchers who inform engineers of vulnerabilities. The amount of remuneration is arranged individually. The more important the discovery, the larger the premium the company pays.