Announcing Hacker Plus
By Dan Gurfinkel, Security Engineering Manager
Since its inception in 2011, our bug bounty program has offered a series of initiatives to recognize the contributions of the talented community of researchers who help us keep Facebook safe. Today we’re launching an industry-first loyalty program — Hacker Plus — designed to incentivize researchers with additional rewards and benefits.
As part of Hacker Plus, researchers will be eligible to receive additional bonuses on bounty awards, access to more soon-to-be-released products and features they can stress-test, and exclusive invites to our annual events. Here’s more details:
- Hacker Plus has five leagues, with Bronze as the entry-level tier and Diamond as the highest tier. Researchers have been placed into leagues based on the cumulative quantity of their submissions, scores and signal-to-noise ratio over the last 24 months.
- Researchers are eligible to receive bonuses on top of a standard bounty award. For example, researchers in our Bronze league will receive a 5% bonus on top of each bounty they receive. Diamond league members will earn a 20% bonus on top of each bounty award they receive.
- Starting at 12:00 a.m. UTC on October 9, 2020, bounty awards will include the relevant Hacker Plus bonus on top of the original bounty award total.
- Starting today, we’ll regularly evaluate researchers’ league placement by analyzing their score, signal and number of submitted bug reports within the last 12 months. This means researchers can move up a league if they submit more high-quality bug submissions. Once a researcher meets a higher league’s criteria, they will immediately be placed into that league. Researchers can view their progress towards advancing to the next league on their researcher profile page: https://www.facebook.com/whitehat/profile/
- The higher the league a researcher is in, the more benefits they gain access to. Researchers in our higher tier leagues — Gold, Platinum, and Diamond — will receive exclusive invites to stress-test new features and products before launch. Diamond and Platinum league members will also receive invites to bug bounty events with travel and accommodations provided (event travel subject to change according to company policies around COVID-19).
- To commemorate the launch of Hacker Plus, we’re awarding an Oculus Quest 2 headset to researchers who reach the Diamond league before the end of the calendar year. Please note this is subject to in-country availability and terms and conditions you can find here: https://www.facebook.com/whitehat/hackerplus/terms.
Hacker Plus is designed to help build community among the researchers who participate in our bug bounty program, in addition to incentivizing quality reporting. As part of this, we’ve updated our Whitehat portal on Facebook, including the design of researchers’ profiles. Researchers can now earn profile badges when they advance to a higher league, participate in private bounties or receive a certain number of bounty awards.
Our bug bounty program is quickly approaching its 10th anniversary. Each year we’ve focused on innovating and expanding the program’s scope and rewards structure. This is only just the beginning for Hacker Plus — we’re excited to grow the loyalty program over time.
We encourage you to visit our new Hacker Plus page, which includes information on the loyalty program and the criteria for each league: https://www.facebook.com/whitehat/hackerplus/
