Facebook, the world’s top social network with more than 750 million users, will be paying rewards of $500 or more for each vulnerability or bug identified by security researchers in the social network.

Facebook has launched a new Whitehat page where researchers can sign up for the program and report bugs. If a bug has been discovered, the researchers are asked to provide as much information as possible. In order to receive the award, a detailed explanation of steps is required and all legitimate reports will be investigated.

Eligibility Rules for Facebook’s Bug Bounty

In order to be eligible for the reward, researchers must follow to Facebook’s Responsible Disclosure Policy.

• You must be the first person to “responsibly disclose the bug.”
• Give Facebook a reasonable time to respond to your report before making any information public.
• You must live in a country “not under any current U.S. Sanctions.”
• You agree to report issues that may compromise a user’s information including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and Remote Code injection.
• Only one payment per bug will be awarded.
• Bugs in third-party applications, third-party websites that integrate with Facebook, Denial of Service Vulnerabilities or Spam or Social Engineering techniques will not be eligible.

Facebook said that it a typical bounty is $500 but it may “increase the reward for specific bugs.” To get the this reward, the security bugs must be reported at Whitehat page