Hermes is a JavaScript engine that Facebook released as open source a year ago. Hermes is used on Android and in other applications by the social media giant's React Native apps, including Spark AR, an augmented reality tool used to create effects on Facebook, Instagram, and even on Facebook's Portal smart displays.

Facebook's bug bounty program has covered vulnerabilities found in native Facebook code, but the company says it wants to encourage security researchers to analyze Hermes and Spark AR, which is why bug bounties have increased significantly. For example, if a white hat hacker discovers a vulnerability or an exploit chain that allows remote code execution while running a Spark AR effect, they will receive $25,000. The exploit can target either the Spark AR platform directly or the Hermes JavaScript VM.

Facebook explains that it "may adjust the amount depending on the particular bug and exploit. For example, an exploit chain that lacks an ASLR bypass will result in a slightly lower payout. Likewise, an out-of-bounds write where the path to RCE is not clear would get a lower payout."

On average, a vulnerability that allows an attacker to obtain user data might be worth $15,000. Denial-of-service (DoS) flaws resulting from out-of-bounds read or write bugs will earn researchers between $500 and $3,000. Researchers can also receive a bonus of up to $15,000 if they provide a full proof-of-concept (PoC) exploit, meaning they might get $40,000 for a remote code execution flaw.

Last year, Facebook paid out more than $2.2 million through its bug bounty program, and a total of nearly $10 million since the program was launched in 2011.