A 10-year-old coding enthusiast from Finland has become the youngest recipient of a bug bounty after Facebook awarded him a whopping $10,000 for finding a vulnerability in Instagram.
The young white hat, who goes by the name “Jani,” has been interested in coding for several years now and has his heart set on a “dream job” in information security, according to local paper, Iltalehti.
Learning from instructional videos on YouTube, Jani and his twin brother have apparently found security holes in code in the past but they were too small to pay out any money.
The bug in question could allow remote attackers to delete other people’s comments, according to the report.
As for what the 10-year-old will do with the $10,000 bug bounty, he’s apparently set to spend at least the first small portion of it on a new football and a bike.
Launched five years’ ago, Facebook’s bug bounty program has paid out more than $4 million to hundreds of researchers.
Having bought Instagram in 2012 for $1bn, Facebook then brought the photo sharing site under the auspices of the same scheme.
It’s probably easier today to name the tech companies that don’t have such a program than ones which do.
Even non-Silicon Valley firms are now getting involved, as computer code finds its way into an increasingly diverse set of products and industries.
General Motors, Uber, United Airlines and even the Pentagon have all announced similar schemes in the past few months.
The rewards offered are based on the severity of the vulnerability discovered, but vary from one firm to the next.
Just last week, Google announced nine new patches for its Chrome browser which earned white hats a combined $14,000.
It can mean big pay-outs for the very best researchers out there: in 2014, Microsoft awarded its first ever $100,000 bounty to a researcher who found a bug in Windows 8.