Facebook launches Hacker Plus loyalty program and FBDL bug description language

Facebook is launching a new loyalty program for white-hat hackers, alongside a new description language designed to standardize the process for reporting bugs.

The Facebook Bug Description Language (FBDL) is rolling out for all researchers starting today, after it was initially made available to a handful of researchers as part of an alpha program earlier this year.

In a nutshell, FBDL is designed to help researchers from all backgrounds and languages easily communicate and set up bug reproduction steps using a standard description language.

Above: FBDL

Engagement

The social networking giant first launched a bug bounty program way back in 2011, and in the intervening years it has paid out nearly $10 million in rewards to security researchers who find glitches in the company’s software. To incentivize more engagement from the “ethical hacker” community, Facebook is now introducing Hacker Plus, a program that offers performance-based rewards including bonuses, all-expenses-paid trips to special events, and early access to stress-test new products and features.

Hacker Plus adopts a league-based setup with five divisions, starting from the entry-level Bronze league all the way up to the top Diamond league. Someone in the Bronze league can receive 5% on top of each bounty award, while someone in the Diamond league can receive 20% and paid trips to live hacking events.

Above: Hacker Plus program setup

Security researchers will be automatically placed into leagues based on the quality and quantity of their bug submissions over the past 24 months. This includes their “signal-to-noise” ratio, which means the number of valid vulnerabilities that have been identified and resolved, versus submissions that are duplicates or not “real” bugs. Moving forward, Facebook said that the company will “regularly evaluate” league positions by analyzing researchers’ performances over the preceding 12 months, meaning that hackers can move up and down the ladder.

While there is no way to opt out of the program, individual league positions are private to each researcher unless they choose to share them publicly on their Hacker Plus profile. But it’s easy to see how this could become addictive, given the way it gamifies bug-hunting and encourages researchers to pit their wits against their peers and earn new profile badges when they advance to a higher league.

The bug bounty market has risen steadily year-on-year over the past decade, with most of the big technology companies now offering some form of reward structure for finding vulnerabilities. Google, for example, paid out $6.5 million last year, almost double the amount it paid out the previous year, taking its total bounty payouts to $21 million since 2010. Microsoft, on the other hand, recently announced that it had doled out $13.7 million in the past year, around three times the figure for the previous 12 months.

Dedicated bug bounty platforms are coining it in too, with San Francisco-based Bugcrowd recently securing $30 million in financing, which followed shortly after HackerOne’s $36.4 million raise.

