Facebook launches bug bounty 'loyalty program'

Facebook to rank bug hunters based on past activity and provide bonuses and special perks.
Written by Catalin Cimpanu, Contributor

Social media behemoth Facebook launched today Hacker Plus, the first-ever loyalty program for a tech company's bug bounty platform.

Designed after the loyalty programs used by airlines and hotels, Facebook said Hacker Plus would provide extra bonuses and special perks to bug hunters based on their past reports.

Any researcher who submitted or submits bugs to Facebook's bug bounty program is automatically included and ranked inside the Hacker Plus loyalty program.

Facebook said it plans to "regularly evaluate" security researchers' performance based on the cumulative quantity, score, and signal-to-noise ratio of their bug submissions over the last year.

Based on the scores, bug hunters will be placed inside one of five tiers (leagues): Bronze, Silver, Gold, Platinum, and Diamond.

Each tier comes with its own benefits. The most common benefit is an added bonus for successful bug submissions.

"Starting at 12:00 a.m. UTC on October 9, 2020, bounty awards will include the relevant Hacker Plus bonus on top of the original bounty award total," Facebook said today.

"Researchers in our Bronze league will receive a 5% bonus on top of each bounty they receive. Diamond league members will earn a 20% bonus on top of each bounty award they receive," the company added.

"Researchers in our higher tier leagues — Gold, Platinum, and Diamond — will receive exclusive invites to stress-test new features and products before launch.

"Diamond and Platinum league members will also receive invites to bug bounty events with travel and accommodations provided (event travel subject to change according to company policies around COVID-19)," Facebook said.

Bug hunters are eligible to move up across tiers, and they can track their loyalty program tier ranking on their Facebook bug bounty program profile page.

Additional details are available on the loyalty program's official page.

Facebook launches FBDL

Facebook also launched a new tool for bug hunters today.

Facebook said the tool, named FBDL (Facebook Bug Description Language), would help bug hunters write better descriptions of the security flaws they find, so Facebook's staff can reproduce bugs more easily when analyzing submitted reports.

Facebook said that bug hunters who use FBDL can expect their bug submissions to be resolved faster, but the company is also willing to add a monetary bonus for verified bugs that come with an FBDL description — just to get the tool's adoption going.

The bonus will be 5% of the base bounty award, but no more than $500, Facebook said.

Additional details are available on the FBDL official page.
