Meta said Friday that it’s updating its bug bounty program to better cover its new virtual reality and augmented reality products.
The devices are made by the company’s Reality Labs division and include products like the Meta Quest 2 VR headset, Meta Portal smart speaker and Ray-Ban Stories smart sunglasses.
Meta, formerly known as Facebook, said in its Friday blog post that the idea is to give security researchers a better idea of what kinds of bugs will reap them the biggest rewards and to get more of them to focus on its products.
Meta said the amount paid will hinge on the potential security impact of the bug in question. For example, finding a bug that could allow someone to fully and consistently bypass a device’s security could be worth as much as $30,000.
But the discovery of a less dangerous bug, like one that could give unauthorized access to a Portal’s camera or microphone, might be worth $5,000.
Bug bounty programs are a growing trend in cybersecurity, with some companies offering millions in rewards. Independent security researchers search for bugs and flaws that attackers could use, and get paid to inform the company rather than use the flaws for malicious purposes.
Meta boasts one of the longest-running bug bounty programs in the tech industry. Started in 2011, the program has paid out bounties to more than 1,500 researchers from 107 countries. Last year, the company paid bounties totaling $2 million.