Facebook launched Hacker Plus, a loyalty program that gives security researchers additional rewards and benefits. It is the first-ever loyalty program for a tech company’s bug bounty platform.
Any researcher who has submitted or submits bugs to Facebook’s bug bounty program is automatically included and ranked in the Hacker Plus loyalty program. They will be eligible for additional bonuses on bounty awards, access to more soon-to-be-released products and features they can stress-test, and exclusive invites to some of Facebook’s annual events.
The researchers are eligible to receive Hacker Plus bonuses on top of a standard bounty award. Based on their scores, bug hunters will be placed in one of five tiers, or leagues: Bronze, Silver, Gold, Platinum, and Diamond.
Researchers in Facebook’s Bronze league, which is the entry level of the five tiers, will receive a 5 percent bonus on top of each bounty they receive. The highest tier is the Diamond league, whose members will get a 20 percent bonus on top of each bounty award.
From now on, Facebook will regularly evaluate the placement of the researchers by analyzing their score, signal and number of submitted bug reports within the last 12 months.
Researchers can move up a league (tier) by submitting more high-quality bug reports. When a researcher meets a higher league’s criteria, they will immediately be placed into that league.
Facebook states that it pays a minimum of $500 for a bug bounty. Last year alone, Facebook awarded more than $2.2 million to researchers from 60 countries, bringing the total to more than $9.8 million since the program started in 2011. The average bounty award was $1,500 and the highest single bounty award in 2019 was $65,000.
Facebook also launched a new tool for bug hunters called FBDL (Facebook Bug Description Language). The tool is meant to help bug hunters write better descriptions of the security flaws they find, so that Facebook’s staff can reproduce bugs easily when analyzing submitted reports.
Facebook said that bug hunters who use FBDL can expect their bug submissions to be resolved faster. The company is also planning to add a monetary bonus for verified bugs that come with an FBDL description.