Facebook just launched a unique loyalty program called Hacker Plus for the company’s bug bounty platform. This loyalty program is the first of its kind for a technology giant. Similar loyalty programs have been launched by airlines and hotels. Hacker Plus’s purpose is to provide additional bonuses and perks to bug bounty hunters and security researchers based on their reports.
Meet Facebook’s Hacker Plus Loyalty Program
If you are a researcher and submit issues to Facebook’s bug bounty program, you will be automatically included in Hacker Plus and ranked inside. The tech giant will regularly evaluate security researchers’ performance according to score, cumulative quantity, and signal-to-noise ratio over the past year. Based on these criteria, researchers will be divided into five leagues: bronze, silver, gold, platinum, and diamond.
The loyalty program also gives “expanded private access to private bounties for unreleased products and features”, VIP perks (including paid travel and accommodation) to Facebook’s annual hacker events, and bonuses on top of standard awards.
Bug bounty hunters and security researchers are invited to submit high impact bugs to the company’s Bug Bounty program. This way, they will be automatically placed into a Hacker Plus league. Shortly said, the higher the league the researcher is in, the more rewards they may earn. However, note that placement into higher tier leagues requires meeting additional criteria. More information is available on Hacker Plus’ Terms and Conditions page.
Facebook Also Releases FBDL Tool to Improve Bugs’ Descriptions
The Hacker Plus loyalty program is not the only novelty Facebook offers to researchers. The tech giant launched a new tool named FBDL, or Facebook Bug Description Language. The tool should help bug hunters to write better descriptions of security flaws. Better descriptions will help Facebook’s staff to reproduce bugs easier when analyzing the submitted reports.
Researchers and bug hunters who use the FBDL tool will benefit, as their bug submissions will be resolved faster. To improve the tool’s adoption, Facebook will also add a monetary bonus for verified vulnerabilities submitted with an FBDL description. This bonus will be 5% of the base bounty award, no more than $500.