Basically, if you find an original bug within the Facebook software and system, they’ll reward you with up to $500. There are stipulations to the rules, though. They allow this as showing appreciation for their security researchers. One cannot disclose personal information about others and must give Facebook 24 hours in good faith to fix the issue before going public with the bug. Only one bounty per security bug is given.