How Facebook’s New Hacker Plus Program Incentivizes Software Debugging

WM Circle Logo

By: Wise Marketer Staff |

Posted on October 16, 2020

Bugged Out On Rewards

Loyalty has the power to spur purchase behavior, fuel brand affinity, and create a continuous cycle of emotional engagement between customers and organizations. But the concepts that make loyalty so successful can be used for a variety of applications outside the traditional sales environment of the customer-facing business model. That’s exactly what Facebook is banking on with its brand new innovative loyalty program called “Hacker Plus”, designed to incentivize the traditional bug-discovery phase of software development with relevant rewards.

The new bug bounty rewards program, announced last week, is an industry first by Facebook’s own assertion. The idea is simple: aimed at a technical audience including researchers and software enthusiasts, Hacker Plus encourages users to engage with Facebook software including new and existing technology by placing participants into tiers through analysis of key performance metrics such as score, signal and number of submitted bug reports, ultimately determining the amount of reward they will receive.

Hacker Plus Program Aims to Build Community

“Hacker Plus is designed to help build community among the researchers who participate in our bug-bounty program, in addition to incentivizing quality reporting,” Dan Gurfinkel, security engineering manager with Facebook, said in a recent statement.

This community aspect is vital for instilling deep feelings of valued participation, especially in a time where remote work environments are becoming the norm. To build in a greater sense of affiliation and gamify elements of the overarching experience, Hacker Plus will have five “leagues” — from an entry-level Bronze, through to Silver, Gold, Platinum, and Diamond. Researchers are placed into their respective leagues based on the cumulative quantity of their submissions and scores over the last 24 months.

Each league will have access to a unique suite of rewards, specifically tailored to the specialized nature of the software development industry and the intimate tastes, preferences, and values of a very tight-knit community of participants and researchers. And a strategic implementation of value-add bonuses on top of the accumulated “bounty” (a reward format which was introduced in 2011 and focuses on compensating participants with cash; Bug Bounty has paid out more than $7.5 million since its inception). For instance, Bronze tier members will receive a 5 percent bonus on top of each bounty they receive while Diamond tier members will earn a 20 percent bonus. Diamond-level researchers also gain access to various events, including live hacking events, Facebook’s F8 conference and DEFCON.

Access to the new program is determined in part by past success and validated participation in the initial generations of Bug Bounty; it is open to researchers who submitted at least one valid vulnerability report and received a payout according to Facebook’s terms and conditions. Upon entry, it is possible to engage with current status level on the participant’s tier profile page, and to move up in levels through proven performance and dedicated participation: “…we’ll regularly evaluate researchers’ league placement by analyzing their score, signal and number of submitted bug reports within the last 12 months,” said Gurfinkel. “This means researchers can move up a league if they submit more high-quality bug submissions. Once a researcher meets a higher league’s criteria, they will immediately be placed into that league.”