Facebook has announced new bonuses for bug bounty hunters who find bugs on its platform in a newly announced reward system called Payout Time Bonus that gives researchers extra bonuses when they find bugs on the platform.
Facebook recognizes the value external security researchers can bring to the security of Facebook systems, and welcomes and seeks to reward eligible contributions from security researchers.
Facebook Bug Bounty Program Scope
To be eligible for a bounty, you can report a security bug in Facebook or one of the following qualifying products or acquisitions in the Facebook family:
- Internet.org / Free Basics
- Open source projects by Facebook
- Express Wi-Fi
You can learn more about the program here
“Sometimes our impact investigations can lead to significantly higher bounties for researchers, but they can also sometimes take more time to complete. The Payout Time Bonus is meant to also reward our researchers for their patience during this process,” Facebook said in a statement.
The new Facebook bug bounty hunters Payout Time Bonus will work on a sliding scale wherein payouts made between 30-59 days will receive a 5pc bonus, payouts made between 60-89 days will get a 7.5pc bonus and the payouts made after 90 days or more will get a 10pc bonus. Bonus in case of reports that need further clarification from the researchers will get adjusted accordingly.
Facebook doesn’t specify the minimum bounty for a bug found on its platform. But reports indicate that the company paid a bounty as low as $500 and as high as $80,000 to bug bounty hunters last year.