Zuckerberg Shells out $40K to So-Called Bug Bounty Hunters — Just a Stunt?
1:56 pm, August 31st | by Amy Tennery
When Mark Zuckerberg announced a new crowd-sourcing-esque program to track down security flaws with his social networking site three weeks ago, he likely didn’t anticipate the extent of the damage that might crop up. Well, probably no one did.
But, in that time, the Zuck has paid off amateur hackers to the tune of roughly $40,000, according to IBT. The news is somewhat alarming, when one considers that (as recently as April 2010) roughly 20 percent of Facebook employees specialized in site security. One of five people at your company works in security and you still need outside security assistance? Yikes.
Now, before you go saying that $40,000 in three weeks isn’t all that much, here are two stats from IBT to put it into perspective: 1) To date, Google has shelled out just $300,000 for similar bug tracking. That means that in less than a month, Facebook paid out roughly 13 percent of what Google has… ever. 2) The minimum amount Facebook paid bug hunters was a paltry $500 a pop — meaning that as many as 80 serious security breaches were tracked down by amateur hackers. Again, that’s 80 in just three weeks.
Now, admittedly, Facebook has always been a source of security-related headaches. But this most recent stat also reveals a great deal about Zuckerberg’s Achilles’ heel: trust. This is an image sis (and recently departed marketing director) Randi Zuckerberg didn’t really help much when she announced that “anonymity on the Internet has to go away.” Yeesh.
So making a big deal of shelling out cash in a crowd-sourced security enhancement program? It seems a bit fishy. And let’s not forget that this program was rolled out right around the same time that Facebook promoted a new guide to users, helping them enhance their privacy and security settings. Coincidence? We’d say no.
Of course, if it were, this would be the worst timing ever, wouldn’t it?