India top ranked in Facebook’s Bug Bounty Programme

Facebook’s " target="_blank">Bug Bounty programme has been hugely bounteous for Indian researchers, having received a whopping Rs 4.84 crore so far for reporting security bugs, identifying vulnerabilities in Facebook's services or infrastructure that can create security or privacy risks.

"India is home to the largest population of security researchers (205) participating in the Facebook bug bounty programme since its inception in 2011. The country also holds the top spot for most bounties paid (Rs 48.4 million)," Adam Ruddermann, a technical program manager on the Facebook Bug Bounty team, wrote in a blog post.

A bug is an error or a fault in a computer program or system that causes it to produce incorrect results, or to behave in unintended ways. It often occurs due to conflicts in software when applications try to run in tandem.

While bugs can cause software to crash or produce unexpected results, certain defects can be used to gain unauthorised access to systems. Thus, the bounty a hacker gets paid is directly proportional to the “potential impact of the bug, what could possibly go wrong, and who would be affected.”

The bug detection and fixing programme has received more than 2,400 valid submissions and has awarded more than $4.3 million to 800-plus researchers globally as of now.

"The primary goal of our programme is to protect the people who use Facebook, so bugs that impact end users are the most important to us. We also consider the difficulty of exploiting the vulnerability and what kind of resources or technical skills a successful attack would require," Ruddermann added.

Indian security researchers also earned the highest payout in 2015. According to Facebook, it has been receiving more and more high-impact bugs (related reports) from India each year, which reflects the growing sophistication and technical capabilities of the country's engineering schools and cyber security programmes.