Hermes is a JavaScript engine that Facebook released as open source a year ago. Hermes is used by the social media giant's React Native apps for Android and by other applications, including Spark AR, an augmented reality tool used to create effects on Facebook, Instagram, and even on Facebook's Portal smart display.

Its bug bounty program has covered vulnerabilities found in native Facebook code, but the company says it wants to encourage security researchers to analyze Hermes and Spark AR, which is why bug bounties have increased significantly. For example, if a white hat hacker finds a vulnerability or an exploit chain that allows remote code execution while running a Spark AR effect, they will receive $25,000. The exploit can either directly target the Spark AR platform or the Hermes JavaScript VM.

"May adjust the amount depending on the particular bug and exploit. For example, an exploit chain that requires an ASLR bypass will result in a slightly lower payout. Similarly, an out-of-bounds write where the path to RCE is not clear would receive a lower payout," explains Facebook.

On average, a vulnerability that allows an attacker to read user data might be worth $15,000. Denial-of-service (DoS) flaws resulting from out-of-bounds read or write bugs will yield between $500 and $3,000 to researchers. They can also receive a bonus of up to $15,000 if they provide a complete proof-of-concept (PoC) exploit, meaning they might receive $40,000 for a remote code execution flaw.

Last year, Facebook paid out more than $2.2 million through its bug bounty program, and a total of almost $10 million since the program was set up in 2011.
Facebook Announced Rewards For Vulnerabilities In Hermes And Spark AR - Cybers Guards