Facebook pays boy of 13 share of $1m for amateur security testing

329 'bounties' paid out in two years, with two job offers made by social network's 'Bug Bounty' programme

Facebook's "Bug Bounty" programme has paid out $1m in total to users-turned-security-bug-hunters in the past two years, with the youngest recipient being a 13-year-old boy.

The largest single "bounty" has been $20,000, and two recipients have been offered full-time jobs with the Facebook security team.

This information comes from Facebook's blog, which calls its two-year scheme "encouraging", saying that putting quality assurance and testing over to incentivised users has had "a significant impact" on the company's ability to keep Facebook secure.

"After all, no matter how much we invest in security - and we invest a lot - we'll never have all the world's smartest people on our team and we'll never be able to think of all the different ways a system as complex as ours might be vulnerable," said Collin Greene, Facebook security engineer.

Facebook bug bounties begin at $500 (£327), with no maximum reward, and Facebook rewards its researchers on four primary factors - "impact, quality of communication, target and secondary damage", states the blog.

With the rule of thumb "bugs that lead us to more bugs get bigger payouts", Facebook prioritises high-impact vulnerabilities that would allow access to private Facebook data, modifying accounts or running JavaScript through the site.