Facebook will pay you a bounty of at least $500 for identifying security bugs in the Oculus Rift virtual reality technology. There is no cap on how much they will pay. Payment is based on the severity and creativity of the detected bug.
Facebook has used this crowdsourced bug catching technique for a while now, but the Oculus RIft is now a part of it, according to Mashable. Bear in mind that you will only be paid under certain circumstances, and you should use a test account.
You must abide by their responsible disclosure policy: You need to report the Oculus Rift security bugs to them, and wait for them to respond before you publicly disclose it. You must also make a ‘good faith’ effort to circumvent any violation of privacy, destruction of data, or any compromise of the Facebook service.
If you don’t follow the guidelines above, that might attract litigation or an investigation.
Early Bug Reports Are Best
You will not be paid if you weren’t the first to report the Oculus Rift bug.
Only bugs which compromise the integrity of user data, circumvent the privacy protections of user data or enable access to a system within their infrastructure, such as the following are eligible:
Cross-site Scripting (XSS).
Cross-site Request Forgery (CSRF/XSRF).
Broken Authentication (including Facebook OAuth bugs).
Circumvention of their Platform/Privacy permission models.
Remote Code Execution.
You must not interact with other accounts without obtaining their consent first. There are many more guidelines and requirements, see them here.
What do you think of this bug catching concept? Is it a waste of money, or is it ingenius?
My thoughts: The most likely people to encounter bugs are users of the Oculus Rift, as is the case for any other technology, but will they thoroughly investigate and report it promptly?
Most will just gripe and move on. Offering payment can provide a significant motive for reporting bugs the right way. However, this is a security bug, which is usually detected by hackers, not most Oculus users, although hackers are somewhat common, so Facebook can probably identify quite a few Oculus Rift bugs using this technique.