©2024 Meta.
HACKER PLUS PROGRAM
The effective date of these terms and conditions (“Terms”) is: January 30, 2024.
No purchase necessary to participate in this Program. A purchase will not increase your chances of receiving a reward. Void where prohibited by law.
Internet access, a valid Facebook account, and a valid email address are required to participate.
Potential reward recipients may be required to respond to an initial notification from Facebook (defined below) within forty-eight (48) hours and potential recipient (and the parent or legal guardian of a recipient who is a minor) may be required execute reward acceptance documents and return them within ten (10) days from the date they are sent.
Important: Please read these Terms, which are a contract. Without limitation, this contract includes indemnities to Meta from you, a class action waiver, and other limitations of your rights and remedies. By participating, you agree to be bound by and that you will comply with these Terms.
Please note that Meta, in its sole discretion, may modify, restrict, suspend, terminate, or otherwise change any aspect of this program, and/or the fulfillment of any reward, as noted in Section 8 below.
The Meta Hacker Plus Program (“Program”) is brought to you by Meta, Inc. (“Meta”). Qualifying individuals who submit a valid report to Meta that resulted in a payout according to our Terms, incorporated through this reference and available at https://bugbounty.meta.com/ (“Meta Bug Bounty Terms”) will automatically be participating in this Program (qualifying individuals are collectively “Participants” and each a “Participant”) for the opportunity to receive rewards subject to verification and in accordance with the league in which they have qualified as described below. These Terms govern participation in this Program. This is only a high-level summary of the Program; read through these entire Terms to make sure you understand the details.
Each qualifying individual who submits a valid Report to Meta on or after the effective date of this Program that results in a payout (a “Bounty Payout”) according to our Terms (https://bugbounty.meta.com/) will be automatically enrolled into this Program, and therefore, is a Participant. Meta determines each Participant’s league based on eligible Reports received by Meta. At Program launch, Meta assigned each Participant’s league based on the highest league obtained during any twelve (12) month continuous period from 12:00:00 a.m. Coordinated Universal Time (“UTC”) on October 9, 2018 to 11:59:59 p.m. UTC on October 8, 2020. The method of calculating the placement of Participants in leagues during the course of the Program is described in the “Points, Signal-to-Noise Ratio, Score, and Leagues” Section 3 below.
All content submitted in connection with this Program, including without limitation, all aspects of the Reports, must comply with all of the report requirements detailed in these Terms and in the Meta Bug Bounty Terms (https://bugbounty.meta.com/). Tips on submitting a Report are available here: https://www.facebook.com/whitehat/resources/.
Meta may offer features allowing Participants to publicly display certain information about their participation in this Program within a researcher profile, such as profile information, the league achieved, and related badges, points, score, signal-to-noise ratio, and other statistics. If you choose to share your information through this feature, this information will be public and others, including people without a Facebook account, may use it or share it with third parties.
Those who do not abide by these Terms and the instructions of Meta and its representatives and provide all required information may, by Meta at its sole discretion, be disqualified and any purported participation by such person deemed void. If a Participant attempts or succeeds in abusing the Program, and/or participation that is fraudulent, deceptive, forged, altered, incomplete, lost, late, misdirected, mutilated, illegitimate, incomprehensible, garbled, or generated by a macro, bot, or other automated means will not be accepted, will be void and Meta may (in its sole discretion) disqualify such Participant from participation in this Program and/or Meta Bug Bounty or demote the Participant to a lower league. As a condition of receiving certain rewards or attending events in connection with this Program, Participants give Meta and its agents permission to share their name, address, and other contact or reward information to third parties (such as reward suppliers) for the purpose of administering this Program and complying with applicable laws, regulations, and rules. If you choose not to give your consent, you must notify Meta in writing at bugbounty@meta.com, in which case Meta may, in its sole discretion, disqualify you either from receiving the applicable reward, from the entire Program, or both.
You should retain a copy of your Report and records of your participation. Meta is not responsible for providing a copy or report of any element of participation.
As more fully described below and in Exhibit A, there are several factors that determine the league in which a Participant is placed, including: score, signal-to-noise ratio, and the number of Bounty Payouts received.
Points: Points are received for each Report resulting in a Bounty Payout that reaches certain threshold payment amounts according to the formula in Exhibit A. |
Score: The score is calculated by multiplying points by the SNR as explained in more detail in Exhibit A. |
Signal-to-Noise Ratio: In simple terms, the signal-to-noise ratio (“SNR”) represents the ratio between the number of Bounty Payouts and all Reports from a single Participant. Certain Reports are categorized as Participant Duplicative Reports, Not Applicable Reports, and Informative Reports in accordance with the following definitions:
|
SNR is calculated according to the formula in Exhibit A.
At launch of this Program, score and SNR will be determined through Reports submitted from 12:00:00 a.m. UTC on October 9, 2018 to 11:59:59 p.m. UTC on October 8, 2020. Only the score and SNR that result in the highest league during any twelve (12) month continuous period within those twenty-four (24) months will be used. After the Program effective date, score and SNR will be recalculated daily to incorporate newly submitted Reports.
Leagues: Exhibit A contains details of how to qualify for each league in this Program. Participants who meet the threshold for a league will immediately qualify for the corresponding league. Twelve (12) months from the date that a Participant qualifies for a league, Meta will reevaluate the Participant’s league on a daily basis in accordance with the league qualifications in Exhibit A. If the Participant has failed or fails to meet any of the qualifications for the previous period of twelve (12) months, then the Participant will be downgraded to the league that is one (1) league less than the Participant’s current league. For example, if a Participant is currently in the Diamond league and only meets the qualifications for Silver, the Participant will be downgraded to the Platinum league. If the Participant does not meet the threshold for the next highest league after the following twelve (12) months, Meta will reevaluate again using the same procedures.
NOTE: When a Participant’s Program participation ends for any reason or upon Program termination or cancellation (collectively and each, “Cancellation”), the applicable Participant’s or Participants’ active membership immediately ceases and they can no longer earn points, league status, or any other potential benefit in the Program. Upon Cancellation, Participant immediately forfeits all points, league status, and any other potential benefit in the Program. Meta will not provide any refund or compensation for any points, league status, or other potential benefit in the Program.
Notifications in connection with this Program may be by email and/or Facebook Notification and Support inbox; it is each Participant’s sole responsibility to receive and monitor those methods to timely receive, review, and respond as needed to notifications. Failure to timely respond or complete any of the steps set forth in the notification and verification procedures below for any reason, including filtering or failure by any potential recipient to notice or accept a communication from Meta or its representative, may result in disqualification of such potential recipient from receiving the reward. Meta reserves the right to contact Participants for verification purposes and administration of the Program. All Meta decisions are final and binding in all matters relating to this Program.
The following is applicable for the Hacker Plus Payout (defined in attached Exhibit A) monetary multiplier rewards: Meta will notify the potential recipient of a Hacker Plus Payout monetary multiplier reward upon receipt of Bounty Payout confirmation, and subject to verification, will award this Program’s Hacker Plus Payout at the same time and through the same procedures as the associated Bounty Payout. Hacker Plus Payouts will be issued based on the date the associated Bounty Payout is processed by Meta. Only Bounty Payouts processed on or after October 9th, 2020 12:00:00am UTC are eligible.
The following is applicable for non-monetary rewards: Meta will notify the potential recipients of non-monetary rewards, and each potential recipient will be required to respond to Meta as instructed in the notification within forty-eight (48) hours of initial notification or other timeframe as specified in the notification.
Recipients will receive rewards depending on their league, with those in the higher leagues receiving better rewards. Rewards will only be available for use by security researchers individually, subject to verification. See Exhibit A for current information regarding rewards, including how this Program’s payouts are calculated (collectively, “Rewards Details”), which Meta may change at any time with reasonable notice according to Section 8 below. We may change the rewards and the manner in which payouts are calculated at any time. All reward details not specified in these Terms (including Exhibit A) will be determined by Meta at its sole discretion. Rewards are not the property of any Participant until they are actually received.
Employees, officers, directors, members, managers, agents, and representatives of Meta or its parent and subsidiary companies, affiliates, divisions, representatives, consultants, sub-contractors, suppliers, distributors, legal counsel, reward providers, program administrators, advertising, public relations, promotional, fulfillment and marketing agencies (collectively, the “Released Parties”) are not responsible for and recipient will not receive the difference between the actual value of the reward at the time of award and the stated approximate retail value (“ARV”) in Exhibit A or in any Program-related correspondence or materials. ARVs are stated and payouts are made in United States Dollars by default, but Meta may choose to offer Participants the option to be paid in other currency in its sole discretion. Meta is not responsible for a potential recipient’s inability to accept or use the reward for any reason.
Certain rewards (e.g. travel and event participation) may contain eligibility criteria in order for Participants to receive such reward, such as, without limitation, a requirement that a parent or legal guardian accompany a minor, or other age requirements, or that a Participant secure appropriate visa or other travel documents before participating. If a rewards recipient does not meet the applicable eligibility criteria, Meta may, in its sole discretion, not award the related reward to the Participant.
Any taxes (federal, national, state, prefectural, territorial, provincial, and/or local) and other costs and expenses associated with reward acceptance or use and not specified in these Terms as being part of the reward will be the sole responsibility of recipient. Recipient may be issued a tax form for the actual value of the reward. No more than the stated reward will be awarded. Meta will not replace any lost, mutilated, or stolen rewards or reward elements or any rewards that are undeliverable or do not reach the recipient because of an incorrect or changed address or contact information. If a recipient does not accept or use the entire reward, the unaccepted or unused part of the reward will be forfeited, and Meta will have no further obligation with respect to that reward or portion of the reward. No transfers, reward substitutions, or cash redemptions will be made, except by Meta at its sole discretion. Recipient is strictly prohibited from selling, auctioning, trading, or otherwise transferring any part of the reward, except as allowed under Meta Bug Bounty and/or with permission by Meta, which may be granted or withheld for any reason in its sole discretion. Any mailed reward elements will only be mailed or otherwise provided to the verified recipient’s address, unless Meta, in its sole discretion, agrees otherwise. Shipment/delivery of certain rewards (e.g. equipment, software, hardware) may be restricted (for example, by a government, regulatory agency, or manufacturer/creator), impractical (e.g. excessive shipping costs, duties or taxes), or impossible for Meta to award to Participants who live in some jurisdictions. Meta reserves the right, but not the obligation, to substitute any reward or portion thereof with another reward or portion thereof of equal or greater value for any reason, including unavailability or cancellation of the stated reward. Each Participant waives the right to assert as a cost of receiving any reward any and all costs of verification and redemption or travel to claim the reward and any liability and publicity which might arise from claiming or seeking to claim said reward.
If the reward involves travel and/or an event, the following applies: Unused and/or unclaimed nights for a reward that involves overnight travel will not be refunded. If travel or attendance at an event is not possible or advisable (as determined by Meta) on or around the expected travel dates as originally set forth by Meta; Meta may, in its sole discretion, cancel the reward or (but has no obligation to) adjust the travel dates, in which case the new travel dates will be the required dates for travel, and failure to travel on those dates will result in forfeiture of the reward.
If the recipient is a minor in their country, state, or jurisdiction of primary residence, they must be accompanied by a parent or legal guardian as their guest during the entire trip and/or event.
If a guest accompanies recipient to travel or attend an event, recipient agrees that their guest must comply with Meta and each reward provider’s procedures and policies and may be required to complete, sign, have notarized, and return a release of liability and, where legal, a publicity release to Meta in the timeframe specified by Meta or travel will not be allowed. Once selected by the recipient, guest(s) cannot be changed without the express consent of Meta, which may be withheld for any reason.
Actual retail value of the reward may vary depending on location of the recipient’s residence, market conditions, changes in value of components (e.g., air transportation and hotel rates) and other reasons. Meta is not responsible for and recipient will not receive the difference between the actual value of the reward at the time of award and the stated ARV in Exhibit A or in any Program-related correspondence or materials. In the event the recipient lives within close proximity to the trip destination (as determined by Meta at its sole discretion), Meta will substitute airfare with ground transportation, and any difference in value will not be awarded to the recipient. The recipient and guest (if applicable) must travel from a Meta-selected airport near the recipient’s residence on Meta-selected dates or the reward may be forfeited. Failure to complete the trip reward does not relieve the recipient of their tax obligations associated with receiving the trip reward. Specific travel arrangements and all reward details not specified in these Terms will be made and determined by Meta at its sole discretion. All tickets are subject to the terms and conditions specified thereon. Travel must originate from and end at the same airport. It is the recipient’s (and guest’s, if any) sole responsibility to comply with all travel requirements, which may include, without limitation, presenting necessary identification (including photograph) and/or a valid passport and visa (if applicable) at the time of travel. The Recipient (and guest(s), if any) must satisfy all security requirements and pass all security screening processes necessary to travel on a trip reward, including, without limitation, those imposed by any government or governmental agency, any common carrier, or Meta. Flight schedules are subject to change without notice. Meta is not liable for any missed reward events, opportunities or expenses incurred as a consequence of flight cancellation/delay or ground transportation delay. The Recipient (and/or guest(s), if applicable) may be required to provide a credit card at time of hotel check-in to cover hotel incidentals.
By participating in this Program and accepting the reward, the recipient agrees to maintain their (and if there is a guest, that guest will maintain guest’s) behavior in accordance with all applicable laws and generally accepted social practices in connection with participation in any Program- or reward-related activity. The recipient understands and agrees that Meta or reward providers have the right, in their sole discretion, to disqualify and remove the recipient (and/or guest, if any) from any activity at any time if the recipient’s (and/or guest’s, if any) behavior at any point is uncooperative, disruptive, or may or does cause damage to person, property, or the reputation of Meta or otherwise violates the policies of the reward providers, and in such a case, the recipient will still be solely responsible for all taxes and other expenses related to the reward.
If the reward allows a guest or requires that a minor Participant is accompanied by a parent or legal guardian, the recipient’s guest must be the age of majority in the guest’s state of residence, unless the recipient is his or her guest’s parent or legal guardian.
Recipient agrees that the Released Parties are not responsible in any way for any additional expenses, omissions, delays, or re-routing resulting from any acts of any government or authority.
To the maximum extent permitted by applicable law, each Participant agrees to release, hold harmless, and indemnify each of the Released Parties from and against any liability whatsoever for injuries or damages of any kind sustained in connection with the acceptance, use, misuse, or awarding of the reward or while preparing for, participating in, and/or traveling to or from any reward- or Program-related activity including, without limitation, any injury, damage, loss, death or accident to or of person or property. The prior limitation on damages is not intended to limit the released parties’ obligation (if any) to pay prevailing party costs or fees if recoverable pursuant to applicable law. The limitations set forth in this section will not limit or exclude the released parties’ liability for personal injury or tangible property damage caused by the released parties, or for the released parties’ gross negligence, fraud, or intentional, willful, malicious, or reckless misconduct. To the maximum extent permitted by applicable law, each recipient agrees that the reward is provided as-is without any warranty, representation, or guarantee, express or implied, in fact or in law, whether now known or hereinafter enacted, relative to the use or enjoyment of the reward, including, without limitation, its quality, merchantability, or fitness for a particular purpose. Recipient acknowledges that they are solely responsible for any actions, claims, or liabilities of their guest (if any) related to any Program-related activity, including, without limitation, any actions, claims or liabilities related to guest’s use of the reward.
Each Participant understands and agrees that all rights under Section 1542 of the Civil Code of California and any similar law of any country, state, territory or jurisdiction are hereby expressly waived by them. Section 1542 reads as follows:
“A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party.” |
Except where prohibited, as a condition of participating in this Program, each Participant agrees that any and all disputes that cannot be resolved between the Participant and any Released Party, claims and causes of action arising out of or connected with this Program, or the reward awarded, or the determination of a recipient must be resolved individually, without resort to any form of class action. Further, in any such dispute, under no circumstances will a Participant be permitted or entitled to obtain awards for, and hereby waives all rights to claim punitive, incidental or consequential damages, or any other damages, including attorneys’ fees, other than Participant’s actual out-pocket expenses (if any), not to exceed ten dollars ($10*), and Participant further waives all rights to have damages multiplied or increased.
This Program, these Terms, and any dispute arising under or related thereto (whether for breach of contract, tortious conduct or otherwise) will be governed, construed, and interpreted under the internal laws of the state of California, U.S.A., without reference or giving effect to its conflicts of law principles or rules that would cause the application of any other state’s laws. Any legal actions, suits, or proceedings related to this Program (whether for breach of contract, tortious conduct, or otherwise) will be brought exclusively in the U.S. District Court for the Northern District of California or a state court located in San Mateo County, California and each Participant irrevocably accepts, submits, and consents to the exclusive jurisdiction and venue of these courts with respect to any legal actions, suits, or proceedings arising out of or related to this Program. You waive any and all objections to jurisdiction and venue in these courts and hereby submit to the jurisdiction of those courts.
Meta reserves the right to modify, restrict, suspend, or otherwise change any aspect of the Program, and/or these Terms from time-to-time, for any reason, including any reason beyond the control of Meta, and within its sole discretion, including without limitation, the manner in which Participants participate, the manner in which score and signal-to-noise ratio are calculated, and criteria for the leagues, with reasonable notice to Participants. We will notify you of changes to these Program Terms by posting them to https://bugbounty.meta.com/hackerplus/terms and may also notify you by Facebook Notification, the email to the address then associated with your Facebook account, and/or using any other contact information we may have for you. The updated Terms will be effective as of the time of posting, or upon such a later date as specified by Meta. The updated Terms will apply to your participation in the Program beginning as of their effective date, or upon such later date or by such other method as specified by Meta. If you do not agree to such an amendment, you must cease your participation in the Program immediately. Except where exigencies require a shorter timeframe, we reserve the right to terminate the program completely by providing you with sixty (60) days’ notice of the impending termination.
The Released Parties are not responsible and/or liable for any of the following, whether caused by a Released Party, the Participant, or by human error: participation submitted by illegitimate means (such as, without limitation, by an automated computer program); any lost, late, incomplete, illegible, unintelligible, garbled, mutilated, or misdirected participation, email, mail, or Program-related correspondence or materials or postage-due mail; any error, omission, interruption, defect or delay in transmission or communication; viruses or technical or mechanical malfunctions; interrupted or unavailable cable or satellite systems; errors, typos, or misprints in these Terms, any Program-related advertisements, or other materials; failures of electronic equipment, computer hardware, or software; lost or unavailable network connections or failed, incorrect, incomplete, inaccurate, garbled or delayed electronic communications or participation information. Released Parties are not responsible for electronic communications that are undeliverable or do not reach the Participant as a result of any form of active or passive filtering of any kind or insufficient space in a potential recipient’s email or voicemail inbox to receive email or voicemail messages. Released Parties are not responsible, and may disqualify you, if your email address or other contact information does not work or is changed without prior written notice to Meta. Without limiting any other provision in these Terms, the Released Parties are not responsible or liable to any Participant or recipient (or any person claiming through such Participant or recipient) for failure to supply the reward or any part thereof in the event that any of the Program activities or Released Parties’ operations or activities are affected by any cause or event beyond the sole and reasonable control of the applicable Released Party (as determined by Meta in its sole discretion), including, without limitation, by reason of any force majeure event, act of God, equipment failure, threatened or actual terrorist acts, air raid, act of public enemy, war (declared or undeclared), civil disturbance, insurrection, riot, epidemic, pandemic, public health crisis, fire, explosion, earthquake, flood, hurricane, unusually severe weather, blackout, embargo, labor dispute or strike (whether legal or illegal), labor or material shortage, transportation interruption of any kind, work slow-down, any law, rule, regulation, action, order, or request adopted, taken, or made by any governmental or quasi-governmental entity (whether or not such governmental act proves to be invalid), or any other cause, whether or not specifically mentioned above.
The Meta clock will be the official timekeeper for this Program. Decisions by Meta will be final in all matters relating to this Program, including interpretation of these Terms and awarding of the rewards. All Participants, as a condition of participating, agree to be bound by these Terms and the decisions of Meta. Participants further agree to not damage or cause interruption of the Program and/or prevent others from participating in or engaging with the Program. Meta reserves the right to restrict or void participation from any IP address or other identifiable source if any suspicious participation is detected. Meta reserves the right, in its sole discretion, to void the participation of any Participant who Meta believes has attempted to tamper with or impair the administration, security, fairness, or proper play of this Program. Failure by Meta or decision not to enforce any provision in these Terms will not constitute a waiver of that or any other provision. In the event there is an alleged or actual ambiguity, discrepancy, or inconsistency between disclosures or other statements contained in any Program-related materials and/or these Terms (including any alleged ambiguity, discrepancy, or inconsistency within these Terms), it will be resolved by Meta in its sole discretion. Participants waive any right to claim ambiguity in the Program or these Terms. If Meta determines at any time in its sole discretion that a recipient or potential recipient is disqualified, ineligible, in violation of these Terms, or engaging in behavior that Meta deems obnoxious, deceptive, inappropriate, threatening, illegal or that is intended to annoy, abuse, or harass any other person, Meta reserves the right to disqualify that recipient or potential recipient, even if the disqualified recipient or potential recipient may have been notified or displayed or announced anywhere. The invalidity or unenforceability of any provision of these Terms will not affect the validity or enforceability of any other provision. In the event that any provision is determined to be invalid or otherwise unenforceable or illegal, these Terms will otherwise remain in effect and will be construed in accordance with their terms as if the invalid or illegal provision were not contained herein. If any person supplies false information, participates by fraudulent or deceptive means, or is otherwise determined to be in violation of these Terms in an attempt to obtain a reward, Meta may disqualify that person and seek damages from them and that person may be prosecuted to the full extent of the law. In the event of a dispute concerning the identity of a Participant, the dispute must be resolved to the satisfaction of Meta or the related participation will be disqualified. Any Participant may be required to provide Meta with proof of compliance and eligibility in the form requested.
Points are received for Reports that resulted in a Bounty Payout that reach certain threshold payment amounts in accordance with the formula below. Point calculations are rounded up. Bonus payouts (if applicable) are not included in a Bounty Payout and will not affect a Participant’s points.
Security/Privacy
$500 to $900 USD 100 |
$1,000 to $1,999 USD 40 |
$2,000 to $4,999 USD 30 |
$5,000 to $9,999 USD 15 |
$10,000 USD or more
10 |
Note: The difference between points is done as we phase out the Integrity Safeguards program. Once the program matures and we gain more signal that we’ve properly calibrated scope and payouts, we expect Integrity Safeguards findings to yield the same amount of points as for other bug bounty reports.
Signal-to-noise ratio (SNR) is calculated according to the following formula:
Number of Bounty Payouts in the previous twelve-(12-) month period
The score is recalculated after each Report resulting in a Bounty Payout by multiplying the points received for such Report by the Participant’s current SNR and adding to the current score. For example, a Participant who has a score of 400 submits a new Report that results in 100 points and has an SNR of .8 would receive a score of 80 for the new Report, which would be added to the 400 score for a total score of 480 (100 x .8 + 400 =480). Scores received for Reports will be removed/subtracted from the total score twelve (12) months from the date the score is earned.
Below are the details of how to qualify for each league in this Program.
Qualifying for Active Researcher: To qualify for the Active Researcher league, you must have:
|
|
Qualifying for Bronze: To qualify for the Bronze league, you must have:
|
|
|
Qualifying for Silver: To qualify for the Silver league, you must have:
|
|
|
Qualifying for Gold: To qualify for the Gold league, you must have:
|
|
|
Qualifying for Platinum: To qualify for the Platinum league, you must have:
|
|
|
Qualifying for Diamond: To qualify for the Diamond league, you must have:
|
|
|
If Participants qualify for a higher league, they will be immediately promoted to that league at any time of year. Twelve (12) months from the date that a Participant qualifies for a league, Meta will reevaluate, on a daily basis, whether the Participant still qualifies for their current league. For example, if a Participant achieves Diamond league and then in the subsequent twelve (12) months submits five (5) valid bugs and has a total score of two thousand five hundred (2,500), such Participant will be placed in the Platinum league. As described in more detail in the Terms, a Participant will only be downgraded one (1) league at a time.
If a Report that results in a Bounty Payout is created with collaboration of two (2) or more Participants (“Collaborator(s)”), each Collaborator will receive the number of points for the Report that correspond with how much of the total Bounty Payout received for the Report. For example, three (3) Collaborators receive $13,000* as a total Bounty Payout for a Report, with Collaborator A receiving $10,000*, Collaborator B receiving $2,000* and Collaborator C receiving $1,000*. Collaborator A’s points are calculated by dividing by 10 ($10,000*/10 = 1,000 points). Collaborator B’s points are calculated by dividing by 30 ($2,000*/30 = 67 points). Collaborator C’s points are calculated by dividing by 40 ($1,000*/40 = 25 points).
Each Collaborator will also receive one (1) Report which will further positively impact the calculation of each Collaborator’s SNR and score.
Multiplier Bonuses will be calculated in accordance with each Collaborator’s then current league. (See the Rewards Section below for the Multiplier Bonus formula.) So, in the example above, if Collaborator A is in the Diamond league, Collaborator A would have a Multiplier Bonus of $2,000* ($10,000* x .2 = $2,000*).
If Collaborators submit a Report that results in a Participant Duplicative Report, Not Applicable Report, or Informative Report, these will be used in the calculation of each of the Collaborator’s SNR, score and Bonus Offset, which will negatively impact each Collaborator’s ability to receive a Hacker Plus Payout.
Multiplier Bonus, Payout Time Bonus, Bonus Offset, and Hacker Plus Payout: Participant’s “Hacker Plus Payout” is determined by taking the Multiplier Bonus and deducting a Bonus Offset, only when the Bonus Offset is greater than $0* (all as defined and described below).
(Multiplier Bonus (=) Hacker Plus Payout), unless Bonus Offset is greater than $0*, then;
(Multiplier Bonus (-) Bonus Offset (=) Hacker Plus Payout), however, a Participant will never receive a Hacker Plus Payout that is less than $0*.
Note that each time the value of the Hacker Plus Payout is offset in accordance with the previous formula, the Bonus Offset will be adjusted according to the following:
(Current Bonus Offset (-) Current Multiplier Bonus (=) New Bonus Offset)
Multiplier Bonus. The “Multiplier Bonus” is determined by the league achieved and calculated according to the following formula:
|
|
|
|
|
For example, a Participant who is in the Bronze league who receives a Bounty Payout of $500* has a Multiplier Bonus of $25*.
Bonus Offset. The “Bonus Offset” is determined according to the following:
|
|
|
|
For example, a Participant qualifies for the Program on February 15, so has a Bonus Offset of (-) $200*. The Participant subsequently submits one (1) Informative Submission ((+) $10*) and two (2) Non Applicable Submissions ((+) $20* + (+) $20* = (+) $40*), so their Bonus Offset is now (-) $150*. Then, as of July 20, the Participant submitted eleven (11) more Non Applicable Submissions ((+) $20* x 11 = (+) $220*), so they have a Bonus Offset of (+) $70*.
Hacker Plus Payout. The “Hacker Plus Payout” is calculated as follows: Multiplier Bonus minus (-) current Bonus Offset equals (=) Hacker Plus Payout.
Using the example from above, on July 25 the Bronze league Participant receives their first Bounty Payout (of $500*) since joining the Program, so the Participant has a Multiplier Bonus of (+) $25*. The Participant has a Bonus Offset of (+) $70*. The Hacker Plus Payout is (+) $25* minus (+) $70* equals negative (-) $45*, so the Participant would not receive a Hacker Plus Payout because the total is less than $0*. The Participant’s Bonus Offset would then be recalculated by taking the current Bonus Offset of (+) $70* and subtracting the current Multiplier Bonus of (+) $25*, which equals (+) $45*. The Participant would still receive the Bounty Payout of $500*.
In a separate example, a Diamond league Participant receives a Bounty Payout of $1,250* (which gives a Multiplier Bonus of $250*) and currently has a Bonus Offset of (+) $200*. To calculate the Participant’s Hacker Plus Payout, take the Payout Multiplier of $250* and minus (+) $200*, which is $50*. The Participant would receive $1,300* in total payouts (rather than $1,500*, if the Bonus Offset was less than $0*). The Bonus Offset would now be $0* because the Bonus Offset was used to calculate the Hacker Plus Payout.
Payout Time Bonus. The “Payout Time Bonus” payment will be issued in the event it takes us more than 30 days to issue a Bounty Payout from the time we’ve obtained all the information required for a successful reproduction of the report and its impact from the researcher, assuming the report is not reverted to prior triage stages and does not require clarifying follow-up in which case such additional time will be deducted from the calculation. The bonus amount will vary based on the wait time:
|
For example, assume a Platinum league Participant submits a report to us on May 1, 2021 at 7:30am PT with all reproduction and impact details included, the report is then sent to a Facebook product team for a fix on May 1, 2021 at 10:30am PT, and that report is eventually deemed eligible for a Bounty Payout and expected to result in a $2,000* Bounty Payout. If that Participant’s report is then paid out on June 30, 2021 at 7:30am PT, the report would be subject to a Payout Time Bonus payment of $150* (May 1 at 7:30am PT to June 30 at 7:30am PT = 60 days and 0 minutes; $2,000* x 7.5% = $150*). The Hacker Plus Payout and Points calculations for this report will be based on the original amount ($2,000*) and not the total amount including the Payout Time Bonus ($2,150*).
To add one more example, assume a Platinum league Participant submits a report to us on May 1, 2021 at 7:30am PT, but adds a clarifying comment with the reproduction steps on May 1, 2021 at 7:50am PT, the report is then sent to a Facebook product team for a fix on May 1, 2021 at 10:30am PT, and that report is eventually deemed eligible for a Bounty Payout and expected to result in a $2,000* Bounty Payout. If that Participant’s report is then paid out on June 30, 2021 at 7:30am PT, the report would be subject to a Payout Time Bonus payment of $100* (May 1 at 7:50am PT to June 30 at 7:30am PT = 59 days, 23 hours, and 40 minutes; $2,000* x 5% = $100*).
Payout Time Bonus calculations are based on the time the last detail is provided before a bug is reproduced by the triage team and accepted to our program for remediation. If all information is included in the main submission without any follow-up clarifying comments, we take the submission time, but in case it has any follow-up clarifying comments, we take the time of the last clarifying comment before our successful reproduction and acceptance to our program. Meta has complete discretion in determining whether a follow-up comment is considered a “clarifying comment”. A “day” is a period of 24 hours and begins at the exact time a report is sent to the product team at Meta for a fix, regardless of the specific time of day (i.e., a “day” will not be rounded down or up). For purposes of clarity, the phrase “after 60 days or more” means “60 days, 0 hours, 0 minutes, and 0 seconds, or any amount of time greater than that”. Similarly, the phrase “but fewer than 90 days” means “89 days, 23 hours, 59 minutes, and 59 seconds, or any amount of time lesser than that”. These illustrative examples will apply in the same way to subsections (1), (2), and (3) above. Please note that a Payout Time Bonus will not be added to your Bounty Payout for purposes of calculating a Multiplier Bonus. Further, similar to other bonuses that may be applicable, Payout Time Bonuses (if applicable) are not included in a Bounty Payout and will not affect your points calculation.
Should you choose to opt-out of the Hacker Plus Program, future reports that you submit will still be eligible to receive a Payout Time Bonus if applicable.
Additional Rewards: In addition to the Hacker Plus Payout, those who achieve certain league thresholds may receive the following, with details determined by Meta at its sole discretion:
|
|
|
|