Facebook's Bug Bounty program which rewards security researchers who report security issues to the company, has paid out more than $1 million in bounties so far, according to the company.
Facebook said that 329 people had received a bounty so far, including professional researchers, students or part-timers. These researchers are spread across 51 different countries, and only 20% of bounties paid out so far have been to US-based recipients.
The countries with the most bounty recipients are, in order, the US, India, UK, Turkey, and Germany. The countries with the fastest growing number of recipients are, in order, the US, India, Turkey, Israel, Canada, Germany, Pakistan, Egypt, Brazil, Sweden, and Russia.
Facebook's largest single bounty so far has been $20,000, but some individual researchers have already earned more than $100,000. Two recipients have since taken full-time jobs with the Facebook security team.
"This early progress is really encouraging, in no small part because programs like these can have a significant impact on our ability to keep Facebook secure," Collin Greene, a Facebook Security Engineer wrote in a blog post.
As the program continues to expand, Facebook shed more light on the general criteria the company uses to determine the amount to pay researchers when they submit a bug. Facebook bases these decisions on four primary factors: impact, quality of communication (detailed instructions on how to reproduce the issue), target (Facebook.com, Instagram, HHVM, and Facebook's mobile applications), and secondary damage ( bugs that lead Facebook's engineers to more bugs get bigger payouts.)
If you're interested in participating in the program, please head to https://www.facebook.com/whitehat/ to learn more.