In its bid to incentivise cyber security researchers with additional rewards and benefits, Facebook has launched an industry-first loyalty programme called Hacker Plus.
As part of Hacker Plus, researchers will be eligible to receive additional bonuses on bug bounty awards, access to more soon-to-be-released products and features they can stress-test, and exclusive invites to the company’s annual events.
Hacker Plus has five leagues, with Bronze as the entry-level tier and Diamond as the highest tier.
Researchers have been placed into leagues based on the cumulative quantity of their submissions, scores and signal-to-noise ratio over the last 24 months, the company said in a statement on Friday.
Researchers are eligible to receive bonuses on top of a standard bounty award.
“For example, researchers in our Bronze league will receive a 5 per cent bonus on top of each bounty they receive. Diamond league members will earn a 20 per cent bonus on top of each bounty award they receive”.
Started from October 9, bounty awards will include the relevant Hacker Plus bonus on top of the original bounty award total.
“We’ll regularly evaluate researchers’ league placement by analyzing their score, signal and number of submitted bug reports within the last 12 months,” said Dan Gurfinkel, Security Engineering Manager, Facebook.
This means researchers can move up a league if they submit more high-quality bug submissions.
Once a researcher meets a higher league’s criteria, they will immediately be placed into that league.
Researchers in higher tier leagues — Gold, Platinum and Diamond — will receive exclusive invites to stress-test new features and products before launch.
“Diamond and Platinum league members will also receive invites to bug bounty events with travel and accommodations provided (event travel subject to change according to company policies around Covid-19),” said Facebook.
To commemorate the launch of Hacker Plus, Facebook is also awarding an Oculus Quest 2 headset to researchers who reach the Diamond league before the end of the calendar year.
Since its inception in 2011, Facebook’s bug bounty programme has offered a series of initiatives to recognise the contributions of the talented community of researchers who help keep Facebook safe.
The Facebook bug bounty programme is now approaching its 10th anniversary.