Facebook starts ‘Hacker Plus’ loyalty program for bug bounties

Facebook today launched Hacker Plus – a loyalty program that aims to offer incentives to security researchers with additional rewards and benefits.

In a post by Dan Gurfinkel, a security engineering manager at Facebook, the company said security researchers will be eligible for additional bonuses on bounty awards, access to more soon-to-be-released products and features they can stress-test, and exclusive invites to some of Facebook’s annual events.

According to Facebook, the company pays out a minimum of $500 for a bug bounty. In 2019, Facebook awarded more than $2.2 million to researchers from 60 countries, bringing the total payout since the program started in 2011 to more than $9.8 million. The average bounty award was $1,500 and the top single bounty award in 2019 was $65,000.

Researchers are now eligible to receive Hacker Plus bonuses on top of a standard bounty award. For example, researchers in Facebook’s Bronze league (the entry-level of five tiers) will receive a 5 percent bonus on top of each bounty they receive. Diamond league members (the highest tier) will earn a 20 percent bonus on top of each bounty award.

Starting today, bounty awards will include the relevant Hacker Plus bonus on top of the original bounty award total. Moving forward, Facebook will regularly evaluate the placement of the researchers by analyzing their score, signal and number of submitted bug reports within the last 12 months. Researchers can move up a league (tier) if they submit more high-quality bug submissions. Once a researcher meets a higher league’s criteria, they will immediately get placed into that league.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.