Facebook has introduced a number of updates to its bug bounty scheme, including incentives for committed researchers and a quicker bug triage procedure.
Facebook reports that additional incentives and perks are being offered as part of Hacker Plus, a loyalty scheme designed for all researchers who deliberately find flaws in its products. Researchers will also have access to items and features that will be launched soon, as well as invites to annual meetings.
The Hacker Plus scheme has five divisions; the deciding criterion for being put in one division or another is the total number of “submissions, ratings and signal-to-noise ratio over the last 24 months”.
Researchers are entitled to earn incentives ranging from 5 percent (Bronze league) to 20 percent (Diamond league) on top of each bounty they are issued, depending on the league. Facebook says that all bounty rewards received beginning October 9 at 12:00 a.m. UTC include the accompanying Hacker Plus bonus.
An Oculus Quest 2 headset (64 GB) will also be issued to researchers who enter the Diamond league before the end of the calendar year. More detail on qualifications and incentives is available on the reward programme's website.
“The eligibility of the League is determined on a rolling basis of 12 months, so it is always possible to reach the top at any time of year,” says Facebook.
In addition, the social network site stated that the triage of vulnerabilities reported through its bug bounty scheme was simplified to improve productivity and shorten response times.
To that end, the company launched a platform that leverages Facebook Bug Description Language (FBDL), a standard bug description language that helps researchers set up bug reproduction steps quickly and efficiently.
Now released to the stable channel, FBDL can help researchers create a test environment quickly and conveniently provide Facebook with details about how to reproduce a bug.
“It would make our method of intake smoother and more structured. Researchers who are interested in our bug bounty scheme come from all over the globe and speak a host of languages. By offering a shared language to display results and possible effects, FBDL would help make bounty reports easier to send,” Facebook says.
FBDL is supposed to result in faster input from experts, and can also speed up payout decisions. The method, which has also been used internally at Facebook, makes the assessment of bug reports more accurate and decreases the time researchers need to provide additional details on how a possible vulnerability works and on the steps to reproduce it.
“We will issue a bonus to researchers who send confirmed bug reports and earn a bounty award beginning at 12:00 a.m. UTC on October 9, 2020, as a further encouragement to use FBDL.” Facebook states that the payout will be 5% of the base bounty reward, but not more than $500 (note, the base bounty reward does not include Hacker Plus bonuses).
Details regarding qualifying can be found here.