For a technology company, a bug bounty program has become essential. Facebook launched its in 2018 and has continued to develop it since then. The latest innovation from the social network is that they launched a loyalty program, Hacker Plus, on October 9th to reward researchers who uncover a security vulnerability in the company.

Top researchers receive up to 20% bonus on their bounties

From the very beginning, the goal of Facebook’s Bug Bounty program was to build an army of cybersecurity researchers to spot the slightest bug in any of the social networking services or products. With the Hacker Plus loyalty program presented on October 9th, Facebook is expressing this ambition to make permanent use of the services of researchers.

All hackers who have been paid or are doing so to send a bug to Facebook will be automatically enrolled in the program. The score is calculated using various criteria, such as: B. based on the number of errors identified and validated by the company or the difficulty of finding them. This score will be available on a private site.

Based on this score, the researchers are placed in a playful ranking system reminiscent of video games: the bronze, silver, gold, platinum and diamond leagues. Depending on the league in which the researchers are placed, they benefit from a more or less important bonus in addition to their bonus: “Researchers in our bronze league receive a bonus of 5% in addition to every bonus they receive. Diamond League members receive a bonus of 20% in addition to each bonus, ”explains the company in a special Hacker Plus contribution.

Members of the top, platinum, and diamond leagues are invited to special events, particularly to test Facebook features that are not yet available to the general public. The social network explains “to want to reward efforts to make Facebook applications and services more secure”.

Facebook gives itself the opportunity to preserve its army of insect hunters

Together with Hacker Plus, Facebook’s bug bounty program benefits from an innovation, FBDL (Facebook Bug Description Language). This system should make it easier for bug hunters to describe a security gap and thus accelerate its consideration by the company departments. According to ZDNet, FBDL users could be granted a 5% bonus (up to a limit of $ 500) to speed implementation. With these new enhancements, Facebook has all the cards on hand to attract the most motivated vulnerability researchers. It remains to be seen whether they will use this.