The concept of bug bounty is nothing new. You play around with an online service, discover security vulnerabilities and get paid for identifying them for the company instead of exploiting them. Facebook has a bug bounty program as well, and that includes some select acquisitions as well such as Instagram, Onavo, Moves and Parse. Facebook recently announced that it will now extend this program to its latest acquisition, Oculus Rift - a virtual reality product from Oculus VR.
Do these bounty programs really work?
Bug bounties are awarded at the discretion of Facebook's bug bounty team. You have a good chance of winning cash if your bug qualifies. Facebook handed out more $1.5 Million in the last year as bug bounty for thousands of testers who helped secure the site, and various other apps under its umbrella such as Instagram, Moves etc.
Facebook purchased Oculus in March this year for $2 Billion, and now wants you, developers, to test out the Oculus Rift virtual reality headset - Facebook's first hardware product.
How much can you earn?
Under the program, individual security researchers who report bugs to Facebook may be financially rewarded. The minimum reward is $500, but there is no maximum limit - you could end up earning thousands, or even hundreds of thousands of $$$ if the security flaw you find is sufficiently big.
Where to find bugs?
You can hunt for flaws in the code for the Oculus Rift virtual reality headset, the SDK (Software Development Kit) and the website.
Even though this is Facebook's first hardware device, according to a Facebook security engineer Neal Poole, the majority of bugs related to Oculus Rift are in the message system for Oculus developers and parts of the website. As a result, the bugs are similar to the ones found in the social network.
However, since Oculus is the company's first hardware product, Facebook's security team may start getting a new species of bug. If you're a security researcher and own the device, you must try your hands at exposing vulnerabilities and earning some quick bucks!
Good luck :)