Fb dad or mum firm Meta is including updates to its bug bounty program for merchandise from its metaverse division Actuality Labs, together with its Quest 2, Portal, and Ray-Ban Tales sensible glasses, the corporate introduced Friday. The work will play an vital function in its “journey to assist construct the metaverse,” in keeping with a press launch.
The press launch emphasised that verified Ray-Ban Tales bug submissions are eligible for awards, which it’s hoping will incentivize extra researchers to “analyze the glasses and our different {hardware} units.” The minimal award for locating a bug is $500, and the quantities improve relying on the system and the potential influence of the bug found. The most important payout listed is $30,000 however might go even larger on the firm’s discretion, for bugs that might doubtlessly end in well being, security, or privateness dangers.
Meta supplied a listing of hypothetical bugs and what the payouts might seem like:
A difficulty that will enable a malicious third-party software to inject content material that’s then consumed by a first-party software, comparable to footage to a slideshow or audio to a name, would obtain a ~$1,000 payout below the “Points attributable to doubtlessly malicious third-party apps”
A 3rd-party app gaining microphone entry with out requesting it on a Quest system would obtain a $5,000 payout below “Unauthorized mic entry by third-party app.”
A 3rd-party software on Quest that is ready to crash or disable Guardian would obtain a $3,000 payout below “DoS”
Distant code execution by way of a buffer overflow within the Quest voice chat library, getting execution in a privileged first-party software would obtain a $16,000 payout.
The corporate first established its bug bounty program in 2011 and says it’s been instrumental in serving to it discover and repair bugs, with practically $2 million in awards paid to safety researchers final yr alone, in keeping with a weblog publish from firm safety engineering supervisor Dan Gurfinkel.
The whole listing of payouts and tips will be discovered right here.