Popular social networking site Facebook, which according to the latest statistics has more than 750 million registered users, has decided to follow in the footsteps of Google and Mozilla and introduce a bug bounty program. This means that Facebook is giving security researchers the chance to earn some money. And when I say “some money” I mean at least $500.

Facebook explained that as part of its bug bounty program it will pay hackers upwards of $500 if they find security holes and report them to its security team – vulnerabilities that could compromise either the integrity or privacy of Facebook user data, like cross-site scripting (XSS), cross-site request forgery (CSRF) or remote code injection. The aforementioned amount of $500 is the base rate it will pay for security holes, clarified Facebook. A lot more money will be paid for “truly significant” security holes – just that Facebook did not say precisely how much.

“In the past we’ve focused on name recognition by putting their name up on our page, sending schwag out and using this an avenue for interviews and the recruiting process,” said Alex Rice, Facebook’s product security lead. “We’re extending that now to start paying out monetary rewards.”

If you have a security hole and you would like to make some money by reporting it to Facebook, you need only visit this webpage. Click the link and you will be directed to Facebook page that asks a simple question: “Are you a security researcher?” Answer “No” and you will be directed to a generic quiz on security. Answer “yes” and you will be able to submit your security hole.

Please note that you will get the money only if you follow Facebook’s Responsible Disclosure Policy which states, among other things, that Facebook must be given reasonable time to respond before details of the vulnerability are released to the public.

Additional information on Facebook’s bug bounty program is available here.