Meta updates bug bounty program to better cover VR and AR products

Facebook's parent company will pay big bucks for spotting security bugs in products like Meta Quest 2, Meta Portal and Ray-Ban Stories.

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, two star marathoner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise Cybersecurity, Digital Privacy, IoT, Consumer Tech, Running and Fitness Tech, Smartphones, Wearables
Bree Fowler
Facebook Ray-Ban Stories 2021

Meta's new smart shades are part of its bug-bounty program, too.

Josh Goldman/CNET

Meta said Friday that it's updating its bug bounty program to better cover its new virtual reality and augmented reality products.

The devices are made by the company's Reality Labs division and include products like the Meta Quest 2 VR headset, Meta Portal smart speaker and Ray-Ban Stories smart sunglasses.

Meta, formerly known as Facebook , said in its Friday blog post that the idea is to give security researchers a better idea of what kinds of bugs will reap them the biggest rewards and to get more of them to focus on its products.

Meta said the amount paid will hinge on the potential security impact of the bug in question. For example, finding a bug that could allow someone to fully and consistently bypass a device's security could be worth as much as $30,000.

But the discovery of a less dangerous bug, like one that could give unauthorized access to a Portal's camera or microphone, might be worth $5,000. 

Bug bounty programs are a growing trend in cybersecurity, with some companies offering millions in rewards. Independent security researchers search for bugs and flaws that attackers could use, and get paid to inform the company rather than use the flaws for malicious purposes.

Meta boasts one of the longest-running bug bounty programs in the tech industry. Started in 2011, the program has paid out bounties to more than 1,500 researchers from 107 countries. Last year, the company paid bounties totaling $2 million.